Limit MyPhotoShare dependency on PHP
Initially, MyPhotoShare is a static site generator. From Python generator and albums tree, build JSON files used by JavaScript in an index.html
file.
Then the index.html
was converted to index.php
to allow sharing with Facebook (I think), but the index.html
file is still available for people who don't need the social feature (that's my case).
Then the "Send me a password" feature for password-protected albums required a PHP mailer.
Now, the new user-suggested geolocation feature is also using PHP mailer to send emails with geo-coordinates to the site owner. That's a very nice feature (I've just tested it) BUT:
- It adds dependencies on PHP for the Web server.
- It potentially opens PHP and server misconfiguration security issues.
- Being no more static, the web site can't be deployed on a CDN.
- And all the arguments explained in the Jamsack page.
That's true that these features, sharing, "send me a password" and user geo-taging, are optional and the site owner can decide to enable them or not. But if PHP becomes more and more prevalent in MyPhotoShare, why not use a database instead of the JSON files and develop a full back-end application, without the limitations of static sites, but sacrificing on the other advantages? A selling point for MyPhotoShare is that you can run it on a very limited hardware with low energy requirements (i.e. Raspberry Pi or similar), with only a web server able to send files.
Using the user's email client to send the picture location or the password request would revert the dependency to PHP. The problem then would be to hide the site owner email address in the Web page from spammers' bots...