paginate edit image list + security concern

First off, wonderful photo gallery system. Love the ease of use for end-users and the wealth of functions and classes for the programming/hacking/theming folks.

I had a couple things that I'm curious how others feel about or deal with:

1] When editing a large album, it becomes a bandwidth and performance issue when the image list is generated. Also it becomes unwieldy to traverse the image list and after editing a photo. Is there any work or discussion on creating a paginated image list?

2] Although ZP has the nice feature of password protecting an album, like other gallery systems, the photos reside within the webroot filesystem and could be accessed bypassing the password security. Of course, the filename and folder names would need to be known but security by obscurity is not the best security :)

For example, knowing that an admin uploads photos using the native camera autonumbering filename (e.g. img001.jpg, img002.jpg etc) into a password protected album, an anonymous user could guess that and type:

http://www.example.com/zenphoto/cache/secretalbum/img001.jpg

and see and download the photo without ever having to type a password. What I've done with other gallery systems is move the cache out of the webroot and modify the image handling php code to render the image instead of the webserver.

Thoughts?

Thanks!
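
The approach described in the post above (cache moved outside the webroot, PHP rather than the web server delivering the file), as an added example that is not part of the original post and is not Zenphoto code. The cache path, the `a`/`i` query parameters and the `unlocked_albums` session key are assumptions, and every album served this way is treated as password protected.

```php
<?php
declare(strict_types=1);
// Assumed private cache location, outside the webroot.
const CACHE_ROOT = '/var/zp-private/cache';

// Hypothetical check: has this session entered the album's password?
function album_is_unlocked(string $album): bool
{
    return in_array($album, $_SESSION['unlocked_albums'] ?? [], true);
}

// Map album + image names to a file under CACHE_ROOT, or null if invalid.
function resolve_image(string $album, string $image): ?string
{
    // Single path components only: no separators, no leading dot.
    $ok = '/\A[A-Za-z0-9_-][A-Za-z0-9._-]*\z/';
    if (!preg_match($ok, $album) || !preg_match($ok, $image)) {
        return null;
    }
    $root = realpath(CACHE_ROOT);
    $path = realpath(CACHE_ROOT . "/$album/$image");
    // realpath() follows symlinks, so confirm the result is still under the root.
    if ($root === false || $path === false || strpos($path, $root . '/') !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

session_start();
$album = is_string($_GET['a'] ?? null) ? $_GET['a'] : '';
$image = is_string($_GET['i'] ?? null) ? $_GET['i'] : '';
$path  = resolve_image($album, $image);

// Same response for "missing" and "locked" so file names cannot be probed.
if ($path === null || !album_is_unlocked($album)) {
    http_response_code(404);
    exit;
}

$mime = (string) (new finfo(FILEINFO_MIME_TYPE))->file($path);
if (strpos($mime, 'image/') !== 0) {
    http_response_code(404);
    exit;
}
header('Content-Type: ' . $mime);
header('Content-Length: ' . filesize($path));
header('Cache-Control: private, no-store');   // keep shared caches from storing it
header('X-Content-Type-Options: nosniff');
readfile($path);
```

Because the files no longer live under the webroot, a guessed URL such as the one in the post has nothing to hit; the only route to the image is this script, which applies the album check on every request.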

Comments

  • acrylian Administrator, Developer
    1. Yes, makes sense.
    2. Well, you are probably right, but it's not only in the cache, but in the albums folder too. You can currently move the album folder to another place (needs to be edited in zp-config.php). Probably we should add that for the cache, too, if possible. I think that sbillard could say more about that.

    Please post tickets on the trac for both feature requests.

    Both requests will then be added to the poll on our news page, too.
  • Have you looked into doing something in your .htaccess file to prevent this? See http://www.zenphoto.org/support/topic.php?id=2091&replies=3 for a similar approach to protecting the zp-core files.