Bugtraq mailing list archives
Re: The Dangers of Allowing Users to Post Images
From: "Chris Lambert" <clambert () gamespy com>
Date: Thu, 14 Jun 2001 21:10:01 -0400
| This is not a big deal if you use some validation on images (in PHP at
| least).
|
| Try the function getImageSize(); it will return an array containing the
| size of the image, as well as the format. If the file specified is not a
| GIF, JPEG, PNG, or SWF, getImageSize() returns null.

Except in the case of bulletin boards, the images are located on remote servers. getImageSize (although it supports HTTP addresses in PHP4.05) would have to work from a fully downloaded copy of the image. This means that if a user posted an image, the server would have to download it entirely, check for its validity, and THEN proceed with inserting it into the database.

This isn't a solution for us in vBulletin, as it could mean that a server's bandwidth charges are sent sky high, not only because it has to transfer every 80KB screenshot that's posted, but because some kiddie decided it'd be funny to link to an 800MB image.

--
WhiteCrown Networks - Web Application Security
www.whitecrown.net - services () whitecrown net

 ______________________________
/ Chris Lambert - cjlambert () home com
|-> ICQ #: 16435685 - AIM: ClipperChris
`-> Cell: (401) 743-2786 - http://sms.clambert.org/
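The bandwidth concern in the message above comes from validating a fully downloaded copy. As an added example (not code from the original post or from vBulletin), the sketch below caps the read at a fixed prefix and identifies the format from the header bytes alone; `read_prefix`, `probe_image` and `MAX_PROBE_BYTES` are hypothetical names, and the sample inputs are constructed in memory so it runs offline.

```php
<?php
const MAX_PROBE_BYTES = 32; // assumption: enough for the GIF and PNG headers

// Read at most $limit bytes from a stream, however large the resource is.
function read_prefix($stream, int $limit = MAX_PROBE_BYTES): string
{
    $buf = stream_get_contents($stream, $limit);
    return $buf === false ? '' : $buf;
}

// Identify the format from magic bytes; return null for anything else.
function probe_image(string $head): ?array
{
    if (strlen($head) >= 10
        && (strncmp($head, 'GIF87a', 6) === 0 || strncmp($head, 'GIF89a', 6) === 0)) {
        $d = unpack('vwidth/vheight', substr($head, 6, 4)); // little-endian 16-bit
        return ['format' => 'GIF'] + $d;
    }
    if (strlen($head) >= 24
        && strncmp($head, "\x89PNG\r\n\x1a\n", 8) === 0
        && substr($head, 12, 4) === 'IHDR') {
        $d = unpack('Nwidth/Nheight', substr($head, 16, 8)); // big-endian 32-bit
        return ['format' => 'PNG'] + $d;
    }
    if (strncmp($head, "\xFF\xD8\xFF", 3) === 0) {
        // JPEG dimensions sit in a later SOF segment; only the format is known here.
        return ['format' => 'JPEG', 'width' => null, 'height' => null];
    }
    return null;
}

// Constructed inputs: a GIF header followed by 1 MB of padding, and an HTML page.
$samples = [
    'big.gif'      => 'GIF89a' . pack('vv', 640, 480) . str_repeat("\0", 1 << 20),
    'not-an-image' => '<html><body>logout</body></html>',
];
foreach ($samples as $name => $body) {
    $s = fopen('php://memory', 'w+b');
    fwrite($s, $body);
    rewind($s);
    $head = read_prefix($s); // never more than MAX_PROBE_BYTES, whatever the body size
    fclose($s);
    $r = probe_image($head);
    printf("%s: read %d bytes -> %s\n", $name, strlen($head), $r ? json_encode($r) : 'rejected');
}
```

The probe only says that the first bytes looked like an image at fetch time; it says nothing about what the remote server returns on later requests.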