Kees Jongenburger wrote:
> > 1. ImageServlet does not accept transformation templates on the URL.
> >
> > The first issue could be considered a good thing, but since servdb could do
> > it, and that one will be dropped (moved to scan which is nearly the same..),
> > I implemented an alternative in ImageServlet. This behavior is configurable
> > though, by an init-parameter of the Servlet in web.xml
> can you think of a way we could have best of both words so we can create images
> using <mm:image template="r(20)+s(40)+f(png)"/> and still only perform
> the conversion upon request of the image? does that affect the
> security you where talking about?
Yes, I can think of such a way.
No, I do not think that would affect security, because the way which I think
about would involve creating the icache immediately (so available for
security on the same way), but only with an empty handle field. The
production of the handle field could then:
1. Still triggered in Images in the same way, but the call to 'cache'
will simply not block until it is finished. It need not block, because it
does not need the byte array anyway, it only needs the new icache number.
ImageServlet should then detect that handle is null, and block until it
is not null. (or perhaps timeout).
2. Not be triggered in Images, but in ImageServlet itself. The sad thing is
that the 'ckey' field as is cannnot be used for that. Easiest would be to
change the content of ckey (it should contain the actual and not the
mangled transformation template string).
The advantage of this is that is is easy to configure that all
image-conversions must happen on a dedicated server (the server which
does ImageServlet).
The other advantage is that you avoid producing anything what is not
really requested by some client.
I think (1) is easiest to make (no issues with ckey), but (2) may be best.
Perhaps there are other possibilities as well, but I used to think along
these lines.
Michiel
--
Michiel Meeuwissen mihxil'
Mediacentrum 140 H'sum [] ()
+31 (0)35 6772979 nl_NL eo_XX en_US
