Hey Prabu,
On Thu, Jul 27, 2017 at 11:21 PM, Prabudoss H <
prabu...@gmail.com> wrote:
>
> Thanks Stefan for the speedy response. I read through this link
https://www.onehippo.org/12/library/concepts/images-and-assets/binaries-that-need-workflow.html which basically says to use embedded resources to have workflow on images. But it essentially means that the images should not be uploaded into "Images" folder. If we do then it goes live instantly. It looks like a significant risk if we are not controlling the image uploaded to "Images" folder via a publication process. Please correct me I am wrong
I don't wanna claim per se that you are wrong, although I tend to
disagree that it is a significant risk. Let me explain, and also, at
the end of my reply, I will mention a customer that didn't want this
behavior and hooked in a pre-validation for images.
First of all, images are typically not very 'risky' to expose
them....I mean, it is not that they contain sensitive text or
something in general. If they do, well....they might belong explicitly
to some document, so them use the assets in a document so it
piggybacks on the document workflow. Likewise for a, say, sensitive
pdf : Have them as an embedded document.
Secondly, in general, we strongly advice not to replace *existing*
images, but add a new one. In general, an image is visible in the
frontend by some document that links to it. Only the preview document
version in general will link to the image, so, in general, on one will
see the image. Yes, it is visible if you as an end user guess the URL.
If that is really really really a security risk, well, then we are
back at that the image should be a document embedded image because it
is apparently to sensitive. We do advice to add new images instead of
replacing because in general, images are (can be / are likely to be)
cached by all kind of intermediate proxies (like squid, varnish or
some cdn) or in the browser itself. Hence replacing an image is in
general a bad practice (this is regardless our stack, it is a general
web development thing...or if you replace it, at least add some hash
in the url for example or etag check). Any way, we thus advice adding
new images.
Thirdly, we have images decoupled from content. Many documents can use
(link to) the same image. Now assume you want to take the image
offline. This means you also first need to modify all the published
documents that link to the image....or also take them offline. Any
way, you see the point, it easily results in way more downsides and
upsides
For the above reasons, I consider the risk you mention to be in
general not applicable. As said, if it is, use embedded document
images. If you really want it differently, you can also use what a
customer did: Whenever serving an image, they first do a check whether
the image is used by at least one live document. If not, the image URL
does not work and returns a 404. That is an option, at the expense of
some performance. Also however do realize the 'check' does not work if
you want to enable cdn/caching proxies : Namely, once the image has
been live, it typically gets cached in the proxy never checking the
container any more.
I hope you see my points. Having no workflow on images in the images
folder is not some thing we missed. We have thought it through, and
apart from some minor counter arguments, I still consider having no
workflow on images by far better than having it on images. Certainly
because we do support alternatives and even hooks to plug in your own
checks and balances.
Hope this helps understanding the images design not having workflow
Regards Ard
>> m.
>>
>> e.
>>
>>
617.901.2226
>>
>>
stefan....@bloomreach.com
>>
>>
>> ___________________________________________________________________
Hippo Netherlands, Oosteinde 11, 1017 WT Amsterdam, Netherlands
Hippo USA, Inc. 71 Summer Street, 2nd Floor Boston, MA 02110, United
states of America.
US
+1 877 414 4776 (toll free)
Europe
+31(0)20 522 4466
www.onehippo.com