Features / Usability


File gallery question

posts: 96 Romania
Hi folks. I was thinking about adding some features to the file gallery of tikiwiki (namely the ability to specify an external URL for a file). I found this field in the tiki_files table called reference_url. Is this reserved for a different purpose or can it be used for storing the external URL value? I don't know for sure if I'll succeed in doing this, but finding this out could be an encouraging step smile
posts: 1001 Canada

Hi trickster,
As I think I said earlier, I also want this twisted
The field doesn't seem to be used yet from test Tiki DB's exploring, and $ grep -R reference_url * is also quiet on what it could be used for. It seems someone thought about you wink
Note that this topic could be more appropriate for Tiki development forum, or even the developers' mailing list.
Good courage

posts: 96 Romania

> Chealer9:
> Hi trickster,
> As I think I said earlier, I also want this twisted
> The field doesn't seem to be used yet from test Tiki DB's exploring, and $ grep -R reference_url * is also quiet on what it could be used for. It seems someone thought about you wink
> Note that this topic could be more appropriate for Tiki development forum, or even the developers' mailing list.
> Good courage

To Damian: to be honest I can't see why you think specifying an external URL for files would be a security hole. It would simply allow for far bigger file galleries than one could have by using their own server space, not to mention saving bandwidth. This could allow use of tikiwiki for a sourceforge clone. You could have files stored locally (if you wanted and could afford to) and you could also provide links to mirrors or someone else's files.

Besides even if it were a risk, some new permissions could be implemented to allow only certain user groups (most likely admins because it makes the most sense) to specify external URLs.


posts: 2881 United Kingdom


> To Damian: to be honest I can't see why you think specifying an external URL for files would be a security hole. It would simply allow for far bigger file galleries than one could have by using their own server space, not to mention saving bandwidth. This could allow use of tikiwiki for a sourceforge clone. You could have files stored locally (if you wanted and could afford to) and you could also provide links to mirrors or someone else's files.
>
> Besides even if it were a risk, some new permissions could be implemented to allow only certain user groups (most likely admins because it makes the most sense) to specify external URLs.
>

Basically it would open up the chance even more for integrity of data. At the moment I know my files are secure because their filenames are md5, I'd love to see you try and guess one :-) However using your method it wouldn't be so secure for my data. The filename could be guessed easily and downloaded directly much more easily.

I believe to get those changes into CVS code it would need to copy or rename the file to its md5 hash.

posts: 96 Romania

> Damian:
>
>
> Basically it would open up the chance even more for integrity of data. At the moment I know my files are secure because their filenames are md5, I'd love to see you try and guess one :-) However using your method it wouldn't be so secure for my data. The filename could be guessed easily and downloaded directly much more easily.
>
> I believe to get those changes into CVS code it would need to copy or rename the file to its md5 hash.

What do you mean "it would open up the chance even more for integrity of data"?

Sourceforge's files aren't md5-ed, if you use a little logic you can download almost any file directly from any of its mirrors, but how many people go to the trouble of trying to download a file directly? But like I said, storing all the files on your own server quickly becomes impractical in terms of server space, and in terms of bandwidth. Suppose I want to put up Windows 2000 SP4 for download, I don't think I'm even allowed by Microsoft to load it on my server. So I would have to specify its URL directly.

posts: 2881 United Kingdom

> trickster:
> > Damian:
> >
> >
> > Basically it would open up the chance even more for integrity of data. At the moment I know my files are secure because their filenames are md5, I'd love to see you try and guess one :-) However using your method it wouldn't be so secure for my data. The filename could be guessed easily and downloaded directly much more easily.
> >
> > I believe to get those changes into CVS code it would need to copy or rename the file to its md5 hash.
>
> What do you mean "it would open up the chance even more for integrity of data"?
>
> Sourceforge's files aren't md5-ed, if you use a little logic you can download almost any file directly from any of its mirrors, but how many people go to the trouble of trying to download a file directly? But like I said, storing all the files on your own server quickly becomes impractical in terms of server space, and in terms of bandwidth. Suppose I want to put up Windows 2000 SP4 for download, I don't think I'm even allowed by Microsoft to load it on my server. So I would have to specify its URL directly.

Ah remote storage. Kind of enters into the dodgy area of bandwidth stealing from others' servers wink

I'm sure it will work out in the end smile

posts: 96 Romania

> Damian:

> Ah remote storage. Kind of enters into the dodgy area of bandwidth stealing from others' servers wink
>
> I'm sure it will work out in the end smile

I'd have to disagree with that. I'm sure you know Cnet.com and its related site Download.com. In most cases the links on their site point to the software developers' website (so if I were to download Nero from them I would actually be downloading it from the developer's website). But the developers put up with it because of the huge customer exposure (hope I got the term right) smile.


posts: 2881 United Kingdom

Yo!

I'd prefer to see an import area, copying the file into the correct storage area on the site from the URL, then md5-ing the filename to increase its security aspects, otherwise I'm afraid I would see this option as a potential security hole.

With regards to posting in the forums I don't think it matters too much. We all hang out in all the same places mrgreen


Damian
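
Added example, not part of the original thread and not Tiki's own code: a Python illustration of the import step proposed above, where already-fetched bytes are copied into local storage under an unguessable name and a digest is recorded so integrity can be checked on read. The `md5_of_name` scheme is a hypothetical contrast (the thread does not say how Tiki derives its hashed names), and `import_file`, `read_verified` and the `index` dictionary are illustrative names.

```python
import hashlib
import os
import secrets
import tempfile


def md5_of_name(original_name):
    """Hypothetical scheme: storage name is the MD5 of the original filename.
    Deterministic, so anyone who knows the original name can recompute it."""
    return hashlib.md5(original_name.encode("utf-8")).hexdigest()


def import_file(data, original_name, storage_dir, index):
    """Copy already-fetched bytes into storage_dir under a random 128-bit name.
    `index` stands in for the database table mapping stored names to metadata."""
    stored_name = secrets.token_hex(16)  # 32 hex chars, same length as an MD5
    path = os.path.join(storage_dir, stored_name)
    # O_EXCL refuses to overwrite an existing file; 0o600 keeps it owner-only.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    index[stored_name] = {
        # basename() drops any directory part of the supplied name
        "display_name": os.path.basename(original_name),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return stored_name


def read_verified(stored_name, storage_dir, index):
    """Return the file's bytes only if they still match the recorded digest."""
    if stored_name not in index:
        raise KeyError("unknown stored name")
    with open(os.path.join(storage_dir, stored_name), "rb") as fh:
        data = fh.read()
    if hashlib.sha256(data).hexdigest() != index[stored_name]["sha256"]:
        raise ValueError("stored file does not match recorded digest")
    return data


def demo():
    """Import the same constructed file twice and compare the naming schemes."""
    index = {}
    with tempfile.TemporaryDirectory() as storage:
        first = import_file(b"constructed sample", "mirror/setup.exe", storage, index)
        second = import_file(b"constructed sample", "mirror/setup.exe", storage, index)
        intact = read_verified(first, storage, index) == b"constructed sample"
    # The public display name alone is enough to recompute the MD5-of-name.
    guessable = md5_of_name(index[first]["display_name"]) == md5_of_name("setup.exe")
    return first != second, guessable, intact, index[first]["display_name"]
```

An unguessable name only hides the file from direct requests; it does not replace an access check or keeping the storage directory outside the web root.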

