My First Revolution Product

Generic Email generic.email.30022 at gmail.com
Tue Jan 20 09:45:27 EST 2009 

The images are protected. Upon upload, a 12 digit password is  
generated and given to the user in the form of the URL. Only someone  
with that 12 digit number is able to view the image. Someone could try  
and brute force the 12 digits. If this becomes an issue, I will detect  
the attempted retrieval of some large number of non-existent images  
and block the IP.

The images are easily accessible by someone with the secret key. They  
don't even know that they are using the key, but they are. I can make  
the key 100+ alpha/digits, but I will fix that problem if it become one.

Your email points out the fact that I should inform the users of this  
on my site, so that they can know what is being done to protect their  
privacy. Thanks so much!

I really appreciate all of the feedback.


Bert


On Jan 20, 2009, at 7:35 AM, Dave wrote:

> Hi,
>
> I think you may run into problems if you are sending people's screen  
> shots to an unprotected server! Sounds like a hacker's picnic to me!
>
> Surely you should have at least a username and password to access  
> the images?
>
> All the Best
> Dave
>
>
> On 19 Jan 2009, at 19:44, Kurt Kaufman wrote:
>
>> Mr. Email,
>> Nice, simple operation; no user setup involved.  When you offer the  
>> product publicly, I would suggest offering more information about  
>> where the picture is posted (rather than simply "the internet"), as  
>> some people might be a little uneasy about having screen-shots sent  
>> to who-knows-where.  Maybe a "More info." link on the web site and  
>> a "More info." button from within the app would suffice.
>>
>> Nice job, and in only a couple of weeks!
>>
>> -Kurt
>> _______________________________________________
>> use-revolution mailing list
>> use-revolution at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your  
>> subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-revolution
>
>
> _______________________________________________
> use-revolution mailing list
> use-revolution at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your  
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-revolution

More information about the use-livecode mailing list