| Line: 1 to 1 | ||||||||
|---|---|---|---|---|---|---|---|---|
| Over the past few years I've taken some snapshots of the family. My Dad's a very competent photgrapher; he's grabbed some amazing candids of people for many years. Me, I just point'n'shoot. I thought it would be fun to put some of these photos online, although they're probably boring for everyone but the people in them. Being a software enthusiast I thought that I'd look around for an open source photo album package. I didn't have to look far, although I did end up looking pretty widely at the category. Which leads to: | ||||||||
| Line: 192 to 192 | ||||||||
| *Piawg Is a Web Gallery - version 0.0.10 as of 2002-02-15 http://rodolphe.quiedeville.org/piawg/ Appears to be static, supports themes. | ||||||||
| Deleted: | ||||||||
| < < | and last, but not least... | |||||||
| album - version 2.11 as of 2001-06-26 http://marginalhacks.com/Hacks/album/ Static perl, has themes. I've tried this one and it works well. It doesn't depend on funky software, the themes are easy to hack and it doesn't require strange data files for it to run (just point it at a directory full of jpg files). | ||||||||
| Changed: | ||||||||
| < < | I've rebuilt the caboteria photo album with this script and I'm pleased with the results. I recommend this package. | |||||||
| > > | I built part of the caboteria photo album with this script and I'm pleased with the results. I recommend this package. | |||||||
| Changed: | ||||||||
| < < | A note about security: these packages tend to fall into two categories: those that generate a bunch of static pages and those that generate pages on the fly. Clearly the latter has more functional potential, as it can provide picture upload, dynamic comments, etc. What shouldn't be overlooked, however, are the security implications of the dynamic approach. If you generate a bunch of static pages and put them in a viewable path then you haven't added any additional security risk to your server beyond your web server software. Every CGI, however, is a new program which gets run each time someone looks at a page. I don't know about you, but I feel fairly confident that most of the obvious (and non-obvious) security holes in Apache have been found and fixed. OTOH, I really can't say the same thing about "Ed's picture album CGI program." | |||||||
| > > | A note about securityThese packages tend to fall into two categories: those that generate a bunch of static pages and those that generate pages on the fly. Clearly the latter has more functional potential, as it can provide picture upload, dynamic comments, etc. What shouldn't be overlooked, however, are the security implications of the dynamic approach. If you generate a bunch of static pages and put them in a viewable path then you haven't added any additional security risk to your server beyond your web server software. Every CGI, however, is a new program which gets run each time someone looks at a page. I don't know about you, but I feel fairly confident that most of the obvious (and non-obvious) security holes in Apache have been found and fixed. OTOH, I really can't say the same thing about "Ed's picture album CGI program." | |||||||
| In summary, why expose yourself to more risk than you need to? Use the static approach. Think I'm kidding? On 2001-08-13 one of these packages (name withheld because I don't want to single anyone out) posted a new version with the comment A major security bug which allows visitors to view just about anything the script has access to on your system has been fixed. Now, how many such bugs remain, and how many of these packages have similar bugs that nobody's taken the time to fix? | ||||||||
| Added: | ||||||||
| > > | Put-up or shut-up timeOK, so what did I end up doing? After bouncing around and trying a bunch of packages, I found that album seems to work well. I didn't want to have to maintain a separate software system just to show photos, though, so in the end I worked out a fairly simple hack to TWiki (the system that serves these pages) to allow it to handle photo albums reasonably well. I like to think that this underscores my original point, which is that for most common tasks there's already a program to automate it, and it's better to enhance someone else's software than create an entirely new program, even if you think it would be better than the other guy's. If you're a fan of TWiki you can get the photo album hack at: http://twiki.org/cgi-bin/view/Codev/TWikiPhotoAlbum | |||||||
| Changed: | ||||||||
| < < | -- TobyCabot - 14 Jun 2001 | |||||||
| > > | -- TobyCabot - 14 Jun 2001 - 25 Feb 2002 | |||||||