Loading...
 
Features / Usability

Features / Usability


File gallery question

posts: 96 Romania
Hi folks. I was thinking about adding some features to the file gallery of tikiwiki (namely the ability to specify an external URL for a file). I found this field in the tiki_files table called reference_url Is this reserved for a different purpose or can it be used for storing the external URL value? I don't know for sure if I'll succeed in doing this, but finding this out could be an encouraging step smile
posts: 1001 Canada

Hi trickster,
As I think I said eariler, I also want this twisted
The field doesn't seem to be used yet from test Tiki DB's exploring, and $ grep -R reference_url * is also quiet on what it could be used for. It seems someone thought about you wink
Note that this topic could be more appropriate for Tiki development forum, or even the developers' mailing list.
Good courage

posts: 96 Romania

> Chealer9:
> Hi trickster,
> As I think I said eariler, I also want this twisted
> The field doesn't seem to be used yet from test Tiki DB's exploring, and $ grep -R reference_url * is also quiet on what it could be used for. It seems someone thought about you wink
> Note that this topic could be more appropriate for Tiki development forum, or even the developers' mailing list.
> Good courage

To Damian: to be honest I can't see why you think specifying an external URL for files would be a security hole. It would simply allow for far bigger file galleries than one could have by using their own server space, not to mention saving bandwidth. This could allow use of tikiwiki for a sourceforge clone. You could have files stored locally (if you wanted and could afford to) and you could also provide links to mirrors or someone else's files.

Besides even if it were a risk, some new permissions could be implemented to allow only certain user groups (most likely admins because it makes the most sense) to specify external URLS.


posts: 2881 United Kingdom


> To Damian: to be honest I can't see why you think specifying an external URL for files would be a security hole. It would simply allow for far bigger file galleries than one could have by using their own server space, not to mention saving bandwidth. This could allow use of tikiwiki for a sourceforge clone. You could have files stored locally (if you wanted and could afford to) and you could also provide links to mirrors or someone else's files.
>
> Besides even if it were a risk, some new permissions could be implemented to allow only certain user groups (most likely admins because it makes the most sense) to specify external URLS.
>

Basically it would open up the chance even more for integreity of data. At the moment I know my files are secure because their filenames are md5, Id love to see you try and guess one :-) However using your method it wouldnt be so secure for my data. The filename could be guessed easily and downloaded directly much more easier.

I believe to get those changes into CVS code it would need to copy or rename the file to its md5 hash.

posts: 96 Romania

> Damian:
>
>
> Basically it would open up the chance even more for integreity of data. At the moment I know my files are secure because their filenames are md5, Id love to see you try and guess one :-) However using your method it wouldnt be so secure for my data. The filename could be guessed easily and downloaded directly much more easier.
>
> I believe to get those changes into CVS code it would need to copy or rename the file to its md5 hash.

What do you mean "it would open up the chance even more for integreity of data" ?

Sourceforge's files aren't m5-ed, if you use a little logic you can download almost any file directly from any of its mirrors, but how many people go to the trouble of trying to download a file directly? But like I said, storing all the files on your own server quickly becomes impractical in terms of server space, and in terms of bandwidth. Suppose I want to put up Windows 2000 SP4 for download, I don't think I'm even allowed by Microsoft to load it on my server. So I would have to specify it's URL directly.

posts: 2881 United Kingdom

> trickster:
> > Damian:
> >
> >
> > Basically it would open up the chance even more for integreity of data. At the moment I know my files are secure because their filenames are md5, Id love to see you try and guess one :-) However using your method it wouldnt be so secure for my data. The filename could be guessed easily and downloaded directly much more easier.
> >
> > I believe to get those changes into CVS code it would need to copy or rename the file to its md5 hash.
>
> What do you mean "it would open up the chance even more for integreity of data" ?
>
> Sourceforge's files aren't m5-ed, if you use a little logic you can download almost any file directly from any of its mirrors, but how many people go to the trouble of trying to download a file directly? But like I said, storing all the files on your own server quickly becomes impractical in terms of server space, and in terms of bandwidth. Suppose I want to put up Windows 2000 SP4 for download, I don't think I'm even allowed by Microsoft to load it on my server. So I would have to specify it's URL directly.

Ah remote storage. Kind of enters into the dodgy area of bandwidth stealing from others servers wink

Im sure it will work out in the end smile

posts: 96 Romania

> Damian:

> Ah remote storage. Kind of enters into the dodgy area of bandwidth stealing from others servers wink
>
> Im sure it will work out in the end smile

I'd have to disagree with that. I'm sure you know Cnet.com and it's related site Download.com. In most cases the links on their site point to the software developers' website (so if I were to download Nero from them I would actually be downloading it from the developer's website). But the developers put up with it because of the huge customer exposure (hope I got the term right) smile.


posts: 2881 United Kingdom

Yo!

Id prefer to see an import area, copying the file into the correct storage area on the site from the URL, then md5 ing the filename to increase its security aspects, otherwise i'm afraid I would see this option as a potential security hole.

With regards to posting in the forums I dont think it matters too much. We all hang out in all the same places mrgreen


Damian


posts: 96 Romania

> Chealer9:
> Hi trickster,
> As I think I said eariler, I also want this twisted
> The field doesn't seem to be used yet from test Tiki DB's exploring, and $ grep -R reference_url * is also quiet on what it could be used for. It seems someone thought about you wink
> Note that this topic could be more appropriate for Tiki development forum, or even the developers' mailing list.
> Good courage

To Damian: to be honest I can't see why you think specifying an external URL for files would be a security hole. It would simply allow for far bigger file galleries than one could have by using their own server space, not to mention saving bandwidth. This could allow use of tikiwiki for a sourceforge clone. You could have files stored locally (if you wanted and could afford to) and you could also provide links to mirrors or someone else's files.

Besides even if it were a risk, some new permissions could be implemented to allow only certain user groups (most likely admins because it makes the most sense) to specify external URLS.


posts: 2881 United Kingdom


> To Damian: to be honest I can't see why you think specifying an external URL for files would be a security hole. It would simply allow for far bigger file galleries than one could have by using their own server space, not to mention saving bandwidth. This could allow use of tikiwiki for a sourceforge clone. You could have files stored locally (if you wanted and could afford to) and you could also provide links to mirrors or someone else's files.
>
> Besides even if it were a risk, some new permissions could be implemented to allow only certain user groups (most likely admins because it makes the most sense) to specify external URLS.
>

Basically it would open up the chance even more for integreity of data. At the moment I know my files are secure because their filenames are md5, Id love to see you try and guess one :-) However using your method it wouldnt be so secure for my data. The filename could be guessed easily and downloaded directly much more easier.

I believe to get those changes into CVS code it would need to copy or rename the file to its md5 hash.

posts: 96 Romania

> Damian:
>
>
> Basically it would open up the chance even more for integreity of data. At the moment I know my files are secure because their filenames are md5, Id love to see you try and guess one :-) However using your method it wouldnt be so secure for my data. The filename could be guessed easily and downloaded directly much more easier.
>
> I believe to get those changes into CVS code it would need to copy or rename the file to its md5 hash.

What do you mean "it would open up the chance even more for integreity of data" ?

Sourceforge's files aren't m5-ed, if you use a little logic you can download almost any file directly from any of its mirrors, but how many people go to the trouble of trying to download a file directly? But like I said, storing all the files on your own server quickly becomes impractical in terms of server space, and in terms of bandwidth. Suppose I want to put up Windows 2000 SP4 for download, I don't think I'm even allowed by Microsoft to load it on my server. So I would have to specify it's URL directly.

posts: 2881 United Kingdom

> trickster:
> > Damian:
> >
> >
> > Basically it would open up the chance even more for integreity of data. At the moment I know my files are secure because their filenames are md5, Id love to see you try and guess one :-) However using your method it wouldnt be so secure for my data. The filename could be guessed easily and downloaded directly much more easier.
> >
> > I believe to get those changes into CVS code it would need to copy or rename the file to its md5 hash.
>
> What do you mean "it would open up the chance even more for integreity of data" ?
>
> Sourceforge's files aren't m5-ed, if you use a little logic you can download almost any file directly from any of its mirrors, but how many people go to the trouble of trying to download a file directly? But like I said, storing all the files on your own server quickly becomes impractical in terms of server space, and in terms of bandwidth. Suppose I want to put up Windows 2000 SP4 for download, I don't think I'm even allowed by Microsoft to load it on my server. So I would have to specify it's URL directly.

Ah remote storage. Kind of enters into the dodgy area of bandwidth stealing from others servers wink

Im sure it will work out in the end smile

posts: 96 Romania

> Damian:

> Ah remote storage. Kind of enters into the dodgy area of bandwidth stealing from others servers wink
>
> Im sure it will work out in the end smile

I'd have to disagree with that. I'm sure you know Cnet.com and it's related site Download.com. In most cases the links on their site point to the software developers' website (so if I were to download Nero from them I would actually be downloading it from the developer's website). But the developers put up with it because of the huge customer exposure (hope I got the term right) smile.


Upcoming Events

1)  Thu 19 Dec 2019 14:00 GMT-0000
Roundtable Meeting 2019 12

Why Register?

Register at tiki.org and you'll be able to use the account at any *.tiki.org site, thanks to the InterTiki feature. A valid email address is required to receive site notifications and occasional newsletters. You can opt out of these items at any time.