On 6 January 2012 13:58, mick mbm@rlogin.net wrote:
On Fri, 6 Jan 2012 13:47:36 +0000 Chris Green cl@isbd.net allegedly wrote:
On Fri, Jan 06, 2012 at 01:13:50PM +0000, samwise wrote:
Assuming your users would be comfortable using FTP ...
It's a possibility, it would certainly simplify maintenance compared with gallery2.
As people here have said before, please don't use FTP. It is a truly horrible, ancient, insecure protocol. Use sftp in preference.
Mick
The FTP protocol is perfectly suited to the job it does - it's up to the administrator and the user to ensure it's used appropriately.
In this case, I suggested FTP because even really old Windows clients which you might find in internet cafes around the world will come with command line FTP clients or drag and drop support in older versions of IE. Secure FTP may well require either an additional client (e.g. PSFTP or FileZilla Client) download or the running of one from a USB stick ... maybe that's possible in some/most/all/none internet cafes ... but until you get to wherever you're going and see what the facilities are, you can never be sure.
FTP on the other hand is pretty much as ubiquitous as the web is. Setting up the FTP server using e.g. ProFTPD to be write-only, with an appropriate upload limit, would IMO be secure enough for the purpose described. In theory someone can snoop the password, but all that will let them do is upload their own pictures to the server which would admittedly get published automatically. If you're exceptionally paranoid about that tho, you simply script a quick secured moderation app which only publishes the photos to the public website when they have been approved by someone via the web - either the person travelling or someone back home.
Maybe there is a need for end-to-end encryption of these photos over the internet but if they're regular travel snaps, I wouldn't be concerned about them being snooped in transit. Most people, knowingly or not, take that risk when emailing photos around.
Off-topic, I also make use of FTP on sites for providing anonymous public uploads where the data being uploaded is not of any private or secret nature - again with write-only access and a disk quota.
At the end of the day, security is always a trade-off against usability and should be applied with thought to the circumstances. In this case, I'd personally still choose to use FTP for this purpose for the benefits of global usability over the - IMO - limited extra security SFTP would provide in this case...
Peter.
P.S. Not entirely related, but I just discovered a rather nice beta photo app for Android:
This uses a REST API to allow you to both browse and upload photos to a Gallery 3 installation from an Android device. Quite handy, even if it is only in beta atm.
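The moderation step described in the message above (uploads land in a write-only FTP drop and reach the public site only after approval), as an added example that is not part of the original thread. It assumes a hypothetical `incoming` drop directory, a `public` web directory, and an approval flag supplied by some web form; `publish_if_approved`, `sniff_extension` and `MAX_BYTES` are illustrative names.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

MAX_BYTES = 10 * 1024 * 1024  # assumed per-photo limit, mirroring the FTP upload limit
MAGIC = {b"\xff\xd8\xff": ".jpg", b"\x89PNG\r\n\x1a\n": ".png"}


def sniff_extension(path: Path):
    """Return the extension implied by the file's leading bytes, or None."""
    with path.open("rb") as fh:
        head = fh.read(8)
    for magic, ext in MAGIC.items():
        if head.startswith(magic):
            return ext
    return None


def publish_if_approved(incoming: Path, public: Path, name: str, approved: bool):
    """Copy one upload into the public directory; return the new path or None."""
    if not approved or Path(name).name != name:   # unapproved, or name carries a path
        return None
    src = incoming / name
    if src.is_symlink() or not src.is_file():     # never follow links out of the drop dir
        return None
    if src.stat().st_size > MAX_BYTES:
        return None
    ext = sniff_extension(src)
    if ext is None:                               # not a JPEG or PNG, whatever it is called
        return None
    digest = hashlib.sha256(src.read_bytes()).hexdigest()[:16]
    dest = public / (digest + ext)                # uploader never chooses the public name
    shutil.copyfile(src, dest)
    return dest


def demo():
    """Run the gate over constructed sample uploads in a temporary directory."""
    root = Path(tempfile.mkdtemp())
    incoming, public = root / "incoming", root / "public"
    incoming.mkdir()
    public.mkdir()
    (incoming / "beach.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\0" * 64)  # constructed JPEG header
    (incoming / "notes.jpg").write_bytes(b"plain text, not an image")       # constructed non-image
    return [publish_if_approved(incoming, public, n, ok)
            for n, ok in [("beach.jpg", True), ("notes.jpg", True),
                          ("beach.jpg", False), ("../beach.jpg", True)]]
```

Only the approved file with a real image header is copied; the mislabelled file, the unapproved file and the name containing a path are all left in the drop directory.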