var/albums question

rve66

Joined: 2009-09-10
Posts: 31
Posted: Sun, 2009-09-20 21:22

Install of G3B3 was very simple. After this I uploaded a photo but it seems with G3 it is within structure able to access them without G3 in between?

like we have htdocs/gallery3/var/album/pictures/image.jpg

with G2 we had option to place the pictures at location before htdocs/ and so one could not just access them via http:// but only via G2 right?

Can I simply change this somewhere? Otherwise pictures are open for all! Or did I miss something here? I tried to look into all options but did not see something to change this.

RvE

 
rve66

Joined: 2009-09-10
Posts: 31
Posted: Sun, 2009-09-20 21:28

To show this is what I do not like to be able to do:

http://www.luftbildner.de/gallery3/var/albums/Drachenfeste/2007/3_Familiendrachenfest_Berlin_Brandenburg/001.jpg

getting to pictures without going to Gallery is not what I want (not even because I just want them only within my own view not like the link above)

RvE

 
floridave

Joined: 2003-12-22
Posts: 22888
Posted: Sun, 2009-09-20 23:37
 
feldon30

Joined: 2009-06-22
Posts: 5
Posted: Mon, 2009-09-21 06:24

I do appreciate all the efforts of developing Gallery 3.

However I also have concerns that Gallery 3 is going to be peppering my site with .htaccess files all over the place.

Is it not very easy to allow the software to view photos with a view.php which abstracts the location of the files?

I would think the biggest performance gains of Menalto Gallery 3 are less MySQL queries, more efficiency in the templates, cleaned interface with less clutter, not just because you are serving 10458932.jpg instead of view.php?img=10458932.jpg.

 
floridave

Joined: 2003-12-22
Posts: 22888
Posted: Mon, 2009-09-21 13:14
Quote:
Is it not very easy to allow the software to view photos with a view.php which abstracts the location of the files?

We did that in G2 and had all requests go through the image firewall. This was a huge performance impact. It also caused the permissions UI to be very complex and hard to understand. There was a bunch of other reasons as well.
Feel free to give G2 a spin. Perhaps it better suits your needs.

Quote:
I would think the biggest performance gains of Menalto Gallery 3 are less MySQL queries, more efficiency in the templates, cleaned interface with less clutter, not just because you are serving 10458932.jpg instead of view.php?img=10458932.jpg.

Please make specific suggestions. We admit we don't know everything about SQL. Have you done any benchmarking with 'less clutter'? Where is the clutter?
How can we improve the templates? We are using HTML with php, In G2 we had a template engine, smarty, and it was too complex for our users to understand.

Dave
_____________________________________________
Blog & G2 || floridave - Gallery Team

 
rve66

Joined: 2009-09-10
Posts: 31
Posted: Mon, 2009-09-21 16:29

The FAQ is just not the answer.

I am not against having the photos being public (i.e. no security on viewing), otherwise don't put them on the net, right!!!
But I want them only to be viewed within Gallery and not outside Gallery (it is messing up my site) This was in G2 fine but in G3 it's just not.

Also IF I want to add security on it, my other topic (http://gallery.menalto.com/node/91321) comes in place,
being the security is not as flexible as it is in G2 as far as I can tell.

Ruud

 
feldon30

Joined: 2009-06-22
Posts: 5
Posted: Mon, 2009-09-21 16:59
floridave wrote:
Quote:
Is it not very easy to allow the software to view photos with a view.php which abstracts the location of the files?

We did that in G2 and had all requests go through the image firewall. This was a huge performance impact. It also caused the permissions UI to be very complex and hard to understand. There was a bunch of other reasons as well.
Feel free to give G2 a spin. Perhaps it better suits your needs.

I don't understand how serving up
* http://www.mywebsite.com/gallery/view.php?image=labrador123&album=dogs
instead of
* http://www.mywebsite.com/gallery/var/dogs/labrador123.jpg
would require a "complex and hard to understand permissions UI".

All the view.php file would do is

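// $filename is assumed to have been resolved already from the image and album parameters
$handle = fopen($filename, "rb");
$image = fread($handle, filesize($filename));
fclose($handle);  // close the file handle, not the string that was read
header('Content-Type: image/jpeg');
echo $image;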

I am not saying go back to Gallery 2 where each image could be locked individually. That was permissions overload. I would start with view.php to serve images as described above. Now this doesn't get you any additional permissions ability, but it's a start.

I foresee a dev adding a permissions cache to Gallery 3 that stores the permissions for each album on the site. How many sites have thousands of albums/folders? I see a very straightforward cache with each album flagged as either GUEST or a CSV of users with authorized access. In short, we don't want to add a SQL query to view.php if we can help it.

If you know whether the user has access to the containing folder for the image (either GUEST, or a list of authorized users), then the PHP script can quickly compare against $_SESSION and $_COOKIE before serving the image.

Quote:
Quote:
I would think the biggest performance gains of Menalto Gallery 3 are less MySQL queries, more efficiency in the templates, cleaned interface with less clutter, not just because you are serving 10458932.jpg instead of view.php?img=10458932.jpg.

Please make specific suggestions. We admit we don't know everything about SQL. Have you done any benchmarking with 'less clutter'? Where is the clutter?
How can we improve the templates? We are using HTML with php, In G2 we had a template engine, smarty, and it was too complex for our users to understand.

You misunderstand me. I am saying that the biggest benefits of Menalto Gallery 3 are all the other changes you've done. Gallery 2 threw out so many MySQL queries to do its job I'm surprised there weren't flames shooting out of servers. Yes, it was good for its time but it was not efficient.

I'm just saying I sincerely doubt that the "best feature" of Menalto Gallery 3 is that images are a straight JPEG link instead of being served by a PHP file.
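
The album-level check described in the post above, written out as an added example (it is not part of the original post and is not Gallery 3 code). `ALBUM_ROOT`, `$albumAcl`, the session key `user` and both function names are assumptions made for illustration; the ACL entries are constructed sample data.

```php
<?php
// Added example, not Gallery 3 code. ALBUM_ROOT, $albumAcl and the session
// key 'user' are assumptions; the ACL entries are constructed sample data.
const ALBUM_ROOT = '/srv/www/gallery3/var/albums';   // hypothetical location
// Per-album cache as described in the post: 'GUEST' or a CSV of user names.
$albumAcl = ['dogs' => 'GUEST', 'family' => 'alice,bob'];

function may_view(array $acl, string $album, ?string $user): bool
{
    $entry = $acl[$album] ?? null;           // unknown album: deny by default
    if ($entry === null || $entry === 'GUEST') {
        return $entry === 'GUEST';
    }
    return $user !== null && in_array($user, explode(',', $entry), true);
}

function resolve_image(string $root, string $album, string $image): ?string
{
    // Plain names only, so "../", slashes and NUL bytes never reach the filesystem.
    $name = '/\A[A-Za-z0-9_-]+\z/';
    if (!preg_match($name, $album) || !preg_match($name, $image)) {
        return null;
    }
    // realpath() resolves symlinks; the result must still sit under the root.
    $base = realpath($root);
    $path = realpath("$root/$album/$image.jpg");
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

session_start();
$album = is_string($_GET['album'] ?? null) ? $_GET['album'] : '';
$image = is_string($_GET['image'] ?? null) ? $_GET['image'] : '';
// Identity comes from the server-side session; a raw cookie value is client-controlled.
$user = is_string($_SESSION['user'] ?? null) ? $_SESSION['user'] : null;

// Check access before touching the file, so 403 vs 404 does not reveal what exists.
if (!may_view($albumAcl, $album, $user)) { http_response_code(403); exit; }
$path = resolve_image(ALBUM_ROOT, $album, $image);
if ($path === null) { http_response_code(404); exit; }

header('Content-Type: image/jpeg');
header('X-Content-Type-Options: nosniff');
header('Content-Length: ' . filesize($path));
readfile($path);
```

A script like this only restricts access if the album directory itself is not also reachable by direct URL, for example by keeping it outside the document root.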

 
rve66

Joined: 2009-09-10
Posts: 31
Posted: Mon, 2009-09-21 17:43

I will not go into feldon30's comments; they look clear to me.

This is not the way to go. I have seen some nice sites out there and I do believe they will never go to the G3 version like it is now, sorry to say :-( Oh, and I need to add to this: going away from smarty because of it being too complex is imho a wrong argument, because so far it takes me much more time to change behavior (I wrote Guestbook for Gallery2) and to get a normal look on it too.
I think changing the skin for G3 is much more difficult than it used to be (but this is mho). Do you really think people understanding HTML do understand FOREACH kind of stuff? NO THEY DO NOT, and so people who understand this are people who understand smarty, so why go away from those people??

 
nivekiam

Joined: 2002-12-10
Posts: 16503
Posted: Mon, 2009-09-21 19:48

We're talking about 2 different topics here. I'm not even going to touch on Smarty because that's not what this thread was started about.

As for where the photos are located, the link Dave posted is the answer. Your photos are secure and G3 is faster because of this configuration. We are not automatically going to run every file through a file proxy. This greatly simplifies things and helps make G3 faster than G2 right out of the box.

FAQ: Are my photos secure? They're right there on my website!

If you want to secure your photos further, use Apache to utilize .htaccess and edit the permissions of your albums. If you have other comments or concerns, please ask specific questions.
____________________________________________
Like Gallery? Like the support? Donate now!!! See G2 live here

 
feldon30

Joined: 2009-06-22
Posts: 5
Posted: Mon, 2009-09-21 20:01

Yeah let's not get into Smarty. I'm glad it's dead. ;)

I'm sorry to see that the ability to lock down photos is being completely ignored and our site is going to be peppered with .htaccess.

 
nivekiam

Joined: 2002-12-10
Posts: 16503
Posted: Mon, 2009-09-21 20:04

You could create a module to slow G3 down and have fine grained permissions at the photo level. It's just not going to happen in the core. The vast majority of users do only edit permissions at the album level, not at the individual photo level. Adding that level in there greatly increases complexity and slows performance down.

Why do you care so much about an .htaccess file in a few directories?

 
rve66

Joined: 2009-09-10
Posts: 31
Posted: Mon, 2009-09-21 20:43

Sorry, need to stick to topic right,

Again, if I go for the FAQ it means I have a lot of work securing but also on publishing.

As I told, also photos I want to have public I want to have them public only via Gallery right (told this earlier)

With G3 this is not possible because the var/albums is making pictures visible outside Gallery to all without using G3 at all (like is shown in a link above).
Now one could create .htaccess files but still not via GUI and not even in the way security or user/groups were done in the G2 version.

I have a version in which I have

4 albums (and subalbums) public view by everybody
3 albums (and subalbums) only by registered users (and at some time even tight for specified users)
6 albums (and subalbums) only for owner of album or specified users

within this users of the subalbums are able to give view option to others also ...

In G3 I can not do this and all pictures in last 9 main albums are accessible to everybody because user admin is gone in how it could be done in G2.

So this .htaccess stuff for me is just ....

G3 is not working right if one is also using security, but also G3 is allowing pictures to be getting out outside the Gallery environment. One can use robot.txt to keep bots out but well not every bot is following this file so ... I want to keep all my pictures out of the bots and G3 does not.

RVe

 
rve66

Joined: 2009-09-10
Posts: 31
Posted: Mon, 2009-09-21 20:58

BTW: off topic, I really do like the support Gallery is having on this site!

 
nivekiam

Joined: 2002-12-10
Posts: 16503
Posted: Mon, 2009-09-21 21:24
Quote:
As I told, also photos I want to have public I want to have them public only via Gallery right (told this earlier)

Why? Do you just want to prevent hotlinking? G2 didn't automatically stop that unless you had URL Rewrite installed. You can still do this in G3 with .htaccess rules.

What do you see as the advantage of having all files, even public ones run through a file proxy?

 
floridave

Joined: 2003-12-22
Posts: 22888
Posted: Wed, 2009-09-23 04:29
rve66 wrote:
I think changing the skin for G3 is much more difficult than it used to be (but this is mho). Do you really think people understanding HTML do understand FOREACH kind of stuff? NO THEY DO NOT, and so people who understand this are people who understand smarty, so why go away from those people??

In G3 we don't use a 3rd language (smarty) that very few people know about at all. The vast majority of administrators understand some HTML and CSS. Some even understand some php.
We have some survey results to back this up.
With the existing code you can decipher some of the php variables, and we are not forcing users to learn another language in addition to php.
We can't just use HTML only (some other code is required) so we simplified the learning curve for a lot of users. The number of people that understand smarty was a very small percentage.

Feel free to continue to develop for G2 as lots of users will find that some features are in G2 and will be some time before they are available to G3.

Dave


 
floridave

Joined: 2003-12-22
Posts: 22888
Posted: Wed, 2009-09-23 04:54

Serving images through a proxy is slower. So we only serve images through a proxy if permissions need to be checked. Serving ALL images through a proxy is a waste. We went for the 80/20 rule in G3. Our survey results show that speed was one of the most important factors. Couple that with very few images being private/protected, and we chose Apache to serve the images.

Quote:
If you know whether the user has access to the containing folder for the image (either GUEST, or a list of authorized users), then the PHP script can quickly compare against $_SESSION and $_COOKIE before serving the image.

That is what we do now in a different way with .htaccess. We don't check if we don't have to, saving time.
Create a fork of G3 and we can compare your method with the method we chose. Perhaps we went down the wrong road.

feldon30 wrote:
I'm just saying I sincerely doubt that the "best feature" of Menalto Gallery 3 is that images are a straight JPEG link instead of being served by a PHP file.

So there is no clutter now? Where did we say that the 'best feature' is using Apache to serve the image instead of some PHP code?
G3 is much faster. That is proven. I don't think there is a 'best feature' in G3.
I must say that it IS faster than G2, but that is my opinion as well as others'.

I guess I don't understand what you are after. If you feel we went in the wrong direction please don't use generalities and show specific examples where we can improve.

Dave
