| Saturday, October 11, 2008, 3:00:25 P.M. | Unix Time Converter | In Dutch @ The Cowboys | In Google Directory |
Swicki this blog
Google this blog
Entry comments
Greg Raaum: Hi, I am one of the ImageFolio developers. Thanks for all the nice comments. Yes, we resolved 2 security issues a long time ago and sent notices to all of the reporting agencies, but they never removed or updated their notices. We have a new version 4.0 out now and it's extremely secure, much faster than 3.1, and installs in 5 minutes automatically. You can see it at http://if4.imagefolio.com/ >> Comment made on:
A MySQL ImageFolio?
leon: Regarding your question about imagefolio: what security issues do you mean?
There was one with the installation, but i think they solved that. When we (i'm the chief internet editor of http://www.bndestem.nl ) installed the script a few years ago, after installation we removed the setup.cgi from the cgi.bin. Just as the manual said, but i pointed out to bizdesign that a lot of people tend to forget that. At the very moment the script runs for the first time they're happy, start playing with it, and forget about it. I just tried to get to setup.cgi on some site that were running imagefolio et voila: i could make myself super user, delete all users, and do whatever i like with all pictures.
A better way is like phpbb handles it: after installation the board refuses to run: first you have to delete de setup files. I think they might have solved it that way, but i haven't installed newer versions since then.
Having said that: if you delete the setup.cgi after the installation, i see no problems. We're running nine or ten instances of imagefolio on the same server, for three years now without any problems. The number of pictures varies from 2000 to over 10.000, and during 911, the outbreak of the war in Irak, and the murder of a politician over here, we had thousands of viewers clicking simultaneously without any problems.
As we are in the process of setting up mandatory registration for every visitor, we've let a programmer write the code that also handles imagefolio. >>
Comment made on:
A MySQL ImageFolio?
Kerry Fay: We are considering buying Imagefolio. I was wondering if they have resolved their security issues with 3.1. Do you know? >>
Comment made on:
A MySQL ImageFolio?
« Skeptical Links | Main | iPod troubles running »
July 15, 2003
A MySQL ImageFolio?
One thing you know for sure playing with a website: development never stops. Some people have been asking me about ImageFolio, the application that displays picture albums on this site. 
For all documentation have a look on the ImageFolio Website, and if you have questions about hacking the program and/or the templates the Resource Center is the place to go.
If you have specific questions about how i've hacked my own templates or the ones i've done for the newspaper where i am working, send me a mail.
An old wish will become true later this year: a MySQL version of ImageFolio.
Not really necessary, the makers of the application believe, but nevertheless written because so may people are asking about it.
I understand why they think there's no need: at the newspaper'we've got always between 5000 and 8000 pictures in the system and it's always fast and stable. But then again, an SQL version will give you better possibilities to do all kind of things with the captions, thumbnailcaptions and keywords for the searches.
Posted by Leon at July 15, 2003 03:36 AM
Comments
Hi, I am one of the ImageFolio developers. Thanks for all the nice comments. Yes, we resolved 2 security issues a long time ago and sent notices to all of the reporting agencies, but they never removed or updated their notices. We have a new version 4.0 out now and it's extremely secure, much faster than 3.1, and installs in 5 minutes automatically. You can see it at http://if4.imagefolio.com/
Posted by: Greg Raaum at October 4, 2005 05:22 PM
Regarding your question about imagefolio: what security issues do you mean?
There was one with the installation, but i think they solved that. When we (i'm the chief internet editor of http://www.bndestem.nl ) installed the script a few years ago, after installation we removed the setup.cgi from the cgi.bin. Just as the manual said, but i pointed out to bizdesign that a lot of people tend to forget that. At the very moment the script runs for the first time they're happy, start playing with it, and forget about it. I just tried to get to setup.cgi on some site that were running imagefolio et voila: i could make myself super user, delete all users, and do whatever i like with all pictures.
A better way is like phpbb handles it: after installation the board refuses to run: first you have to delete de setup files. I think they might have solved it that way, but i haven't installed newer versions since then.
Having said that: if you delete the setup.cgi after the installation, i see no problems. We're running nine or ten instances of imagefolio on the same server, for three years now without any problems. The number of pictures varies from 2000 to over 10.000, and during 911, the outbreak of the war in Irak, and the murder of a politician over here, we had thousands of viewers clicking simultaneously without any problems.
As we are in the process of setting up mandatory registration for every visitor, we've let a programmer write the code that also handles imagefolio.
Posted by: leon at August 15, 2003 10:52 PM
We are considering buying Imagefolio. I was wondering if they have resolved their security issues with 3.1. Do you know?
Posted by: Kerry Fay at July 23, 2003 07:27 AM