I gave up on Coppermine Gallery
27 Feb 2009 | security

I used to use Coppermine Photo Gallery for http://gallery.erata.net but today I've decided to close it down. The number of vulnerabilities (most of them critical) discovered over the years got me thinking. You can see what I mean here: http://www.milw0rm.com/search.php?dong=coppermine. 3 vulnerabilities found in the first two months of 2009. 4 in 2008. This reminds me of sendmail and bind (which I've heard got better, but who cares about them anymore).
I know it's not written in stone, but from the number of vulnerabilities I deduce the quality of a piece of software. I also understand open-source ... and open-source brings a lot more peer reviews ... and I don't mind (that much) vulnerabilities in pre-1.0 versions. But after a few years of development and after a few critical vulnerabilities I'd expect a product to get better and safer.
Oh well... good luck to the developers of Coppermine keeping their users safe.
Alternatives I consider using for web gallery needs:
Picasa - if it's enough for the job, it works very well, provides a desktop application for management and, until proven wrong, I believe it's safe (and if it's not, I don't worry too much since it does not run on my server)
WordPress with NextGen Gallery plugin - can be greatly customized and works well and also allows other content posting.