Signed keys for image service #1085
wildfiremedia started this conversation in Proposal
@ascorbic Could we limit to certain sizes to avoid a mass resize attack when using the _image service?
Body
Summary
Avoid mass resize image attack.
Background & Motivation
If we have set only certain sizes that can be accessed using URLs with parameters, users can change the values at will.
Goals
To prevent mass image resizing attacks, I think we need to implement a signed key for each image using a private string (in the .env file) and a public key (in the URL).
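One way to implement the signing idea proposed above, as an added example that is not part of the original discussion or the project's own code: the server computes an HMAC-SHA256 tag over the image parameters with a secret and the endpoint refuses any request whose tag does not match. The parameter names (`href`, `w`, `h`, `q`, `f`, `sig`) and the `IMAGE_SIGNING_SECRET` variable are assumptions made for illustration.

```javascript
const { createHmac, timingSafeEqual } = require("node:crypto");

// Constructed fallback secret for the demo; a real deployment reads it from .env.
const SECRET = process.env.IMAGE_SIGNING_SECRET || "constructed-demo-secret";
// Hypothetical parameter names; every parameter that affects the output must be signed.
const SIGNED_PARAMS = ["f", "h", "href", "q", "w"];

// Canonical form: fixed key order, so the same request always signs the same bytes.
function canonicalize(params) {
  return SIGNED_PARAMS
    .filter((k) => params.has(k))
    .map((k) => `${k}=${encodeURIComponent(params.get(k))}`)
    .join("&");
}

function sign(params, secret = SECRET) {
  return createHmac("sha256", secret).update(canonicalize(params)).digest("base64url");
}

// Called where the page is rendered: returns the URL to put in the markup.
function signImageUrl(path, options, secret = SECRET) {
  const params = new URLSearchParams(options);
  params.set("sig", sign(params, secret));
  return `${path}?${params}`;
}

// Called in the image endpoint before any resizing work is done.
function verifyImageUrl(url, secret = SECRET) {
  const params = new URL(url, "http://localhost").searchParams;
  const keys = [...params.keys()];
  // Reject unsigned extras and repeated keys, which could change what gets resized.
  const unknown = keys.some((k) => k !== "sig" && !SIGNED_PARAMS.includes(k));
  const repeated = new Set(keys).size !== keys.length;
  const given = Buffer.from(params.get("sig") || "", "base64url");
  const expected = Buffer.from(sign(params, secret), "base64url");
  // Length check first: timingSafeEqual throws on buffers of different length.
  return !unknown && !repeated &&
    given.length === expected.length && timingSafeEqual(given, expected);
}
```

Because the tag covers the width and height, a client that edits `w` or `h` gets a rejected request instead of a fresh resize; rotating the secret invalidates every previously issued URL.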