// shall I write some keywords here to boost search engine ranking?

Sunday, April 30, 2006

ImageShack (R) - Free Image Hosting, and Its Login Process

I had been trying to look for some free image hosting service for my personal use. Most of this services have certain limitation such as space allocated, bandwidth allocated, etc.

And recently I discover ImageShack(R), image hosting service which is free of charge. It not even required you to register in order to use the service.

It provide unlimited space, unlimited bandwidth to all image uploaded. The only constraint is that the file size must not exceed 1024 KB (1 MB). This basically have fulfill my need.

If you want to track the images you uploaded, you will need to register. The process of signup is a very typical process as others services on web. But the process of login is a bit different.

It do not have any login page at all. The only way to ogin is by clicking the hyperlink in the registration confirmation email.

It is interesting to try to imagine the rational behind this process flow. After some time, I have think of some advantages of this approach of login. It is easy to implement.

First, there is only one parameter called "login" in the hyperlink. I believe this is the UID generated for each user. So this can cut down the requirement of storing encryptrd password into database.

When no password is stored, of course there is no requirement of change password for user.

Since no password is required to submit while login, it is not a problem for not having SSL. Even the "login" value is sniffed, the damage the hacker can do is still limited to the users' images on ImageShack server.

This seem like a security weakness. But at the same time, hacker will not have chance to perform phishing on the users.

I am not saying this process is better than other process, just that this can be another alternative of login process that we may take into account depend on the system requirements.

No comments: