Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security for a Small Stock Photo Company

Posted by Cliff on from the reliable-online-photo-delivery dept.

ExTex asks: "I am a commercial photographer, and I also run a very small stock photography company. Most of the sales that I make are to existing clients or from referrals. Currently, when I make a sale I upload a ZIP file of the image and create a unique web page for the customer to download. I pull the page shortly after the client has confirmed receipt. This is easy, when I'm in the office, but can be a challenge if I'm out in the field on a shoot. At some point I'd like to be able to have 400 of my best images already pre-zipped and loaded to my web host for quick download. I'm wondering how best to secure the images to prevent unauthorized download but also make it relatively easy for the typical un-savvy client."

2 of 43 comments (clear)

  1. Porn site? by gambit3 · · Score: 2, Insightful

    Not to trivialize or suggest that the poster is a actually planning to run a porn site.. but doesn't this sound very much like just running a basic adult site? i.e., You already have the pics uploaded, and you just need a mechanism to provide access to specific areas. i.e., Porn site.

    --
    Watch the Teaser Trailer for "The Lightning Thief" Her
  2. Use an order-specific symlink by akh · · Score: 5, Insightful
    Unix-specific solution:
    • Place the zipfiles into a directory readable by the webserver but not accessable over HTTP. Call it something like /webroot/private
    • Create a second directory, writable by your shopping cart script and HTTP-accessable. Call it something like /webroot/orders
    • When a customer places and order, have the script create a symbolic link from the private directory to an order-specific filename in the public directory (an MD5 sum of e.g. the time + process id might make an appropriate filename)
    • Provide a link to the symlinked file in the customer's receipt
    For example:

    In the script:
    ln -s /webroot/private/CONTENT.zip /wehroot/orders/RANDOM_FILENAME.zip

    In the receipt:
    <a href="http://example.com/orders/RANDOM_FILENAME.zi p">Click here to download</a>

    (Thank you slashcode for clobbering that code - get rid of the space in 'zip' and the '[example.com]' string, above)

    This isn't foolproof since customers can still pass the URL on to others. If they do though, you'll know who did it based on the order-specific filename.

    --
    Accept Eris as your Fnord and personally sate her