I am checking out the FlexImage plugin and I like what I see. I do
have one question though.
One of the main things I like is the ability to resize dynamically by
passing in the size parameter.
My concern at this point is whether or not this opens up a security
vulnerability - for if a user setup a script to call every size
variation between 1x1 and 500x500 for a given image (or worse a list
of images) I’m guessing all the RMagick work would probably but a
serious load on the server, possibly even creating a DOS type
situation. What are your thoughts on this? Is there any reasonable
way to prevent this scenario? Am I misunderstanding the situation?
Or is it just an accepted risk?
serious load on the server, possibly even creating a DOS type
situation. What are your thoughts on this? Is there any reasonable
way to prevent this scenario? Am I misunderstanding the situation?
Or is it just an accepted risk?
Certainly that’s possible… you could work around it a couple of
ways…
Don’t pass the size in the url, but have keywords or some such that
relate to a set size. Odds are you dont’ really need all the sizes from
1x1 to 500x500
Pass along an md5 hash that’s the combination of the size and some
secret keyword. Have the fleximage action check it to make sure they
match. This seems like overkill to me though (just in terms of
headache).
The best way (in my opinion) to do it is resize one time and save. Hard
drive space is cheaper than a DOS.
I personally don’t like storing images in a database because you can’t
serve it from the web server; no matter what it has to have an
interface.
I would come up with a naming convention that saves the files to the
disk when different requests are made. Then you can essentially cache
the requests for the images sizes. For instance:
filename-250x250.filetype
Good day,
Chris
Philip H. wrote:
serious load on the server, possibly even creating a DOS type
situation. What are your thoughts on this? Is there any reasonable
way to prevent this scenario? Am I misunderstanding the situation?
Or is it just an accepted risk?
Certainly that’s possible… you could work around it a couple of
ways…
Don’t pass the size in the url, but have keywords or some such that
relate to a set size. Odds are you dont’ really need all the sizes from
1x1 to 500x500
Pass along an md5 hash that’s the combination of the size and some
secret keyword. Have the fleximage action check it to make sure they
match. This seems like overkill to me though (just in terms of
headache).
Don’t pass the size in the url, but have keywords or some such that
relate to a set size. Odds are you dont’ really need all the sizes from
1x1 to 500x500
The best way (in my opinion) to do it is resize one time and save. Hard
drive space is cheaper than a DOS.
If I had one known size, I would agree. But the situation is that I’m
allowing various users to create custom layouts (via the Liquid
template system). I wish to allow all such users to take advantage of
image assets in the system and allow them to request a size that fits
their layout.
Storage of images will be in the filesystem, and I believe once a given
size has been requested the naming format FlexImage uses supports
caching of that image for future re-use.
Not really. You have to use page_caching provided by rails. FlexImage
doesn’t provide it’s own caching at all. page_caching does a fine job.
Don’t pass the size in the url, but have keywords or some such that
relate to a set size. Odds are you don’t really need all the sizes from
1x1 to 500x500
Perhaps a workable solution. Instead of allowing users pixel level
control over image size, I could give them increments of 50px to work
with. This way all resizing could be done up front.
With page_caching of your image action in place, it shouldn’t hit you
too hard. The first time those urls are loaded would be a strain,
however, after that they will be served from the file system very quick
without invoking rails. It would still load lots of image, but makes
you system no more vulnerable than any other website that serves images.
You can also do things like check the referer to make sure that the
image request is is coming from the proper domain. Or abort the flex
image action unless the width param is a multiple of 10, 25 or 50 if you
want to go that route.
But really, with rails page caching, I doubt this is a large issue.
Worse comes to worse, your server is slow for a few minutes and then
immune to that attack in the future.
If this is wrong, or there are any features that FlexImage should have
to make it more secure, please let me know. I certainly don’t want my
production servers bitten by a DOS.
You can also do things like check the referer to make sure that the
image request is is coming from the proper domain.
Is this something that could be configured in Apache? or would it have
to be done in rails? I’m not that familiar with apache, but it seems
that it would be much faster at this task if it can be setup that way.
The best way (in my opinion) to do it is resize one time and save. Hard
drive space is cheaper than a DOS.
If I had one known size, I would agree. But the situation is that I’m
allowing various users to create custom layouts (via the Liquid
template system). I wish to allow all such users to take advantage of
image assets in the system and allow them to request a size that fits
their layout.
Storage of images will be in the filesystem, and I believe once a given
size has been requested the naming format FlexImage uses supports
caching of that image for future re-use.
Don’t pass the size in the url, but have keywords or some such that
relate to a set size. Odds are you dont’ really need all the sizes from
1x1 to 500x500
Perhaps a workable solution. Instead of allowing users pixel level
control over image size, I could give them increments of 50px to work
with. This way all resizing could be done up front.
Pass along an md5 hash that’s the combination of the size and some
secret keyword. Have the fleximage action check it to make sure they
match. This seems like overkill to me though (just in terms of
headache).
Does seem like overkill, but also seems like the one solution offered
so far to allow dynamic resizing from the template which provides some
measure of protection against malicious exploitation. Thanks!
Thanks to everyone so far. If anyone else has two cents to throw in -
please feel free!
With page_caching of your image action in place, it shouldn’t hit you
too hard. The first time those urls are loaded would be a strain,
however, after that they will be served from the file system very quick
without invoking rails. It would still load lots of image, but makes
you system no more vulnerable than any other website that serves images.
Depends on how much disk space you have as well though… if you allow
them to pass the size in via the url someone could do this:
1.upto(10000) do |x|
1.upto(10000) do |y|
… generate image at width=x height=y
end
end
so even if your server could handle it, it’s going to eat up a lot of
disk
space…
You can also do things like check the referer to make sure that the
image request is is coming from the proper domain.
Is this something that could be configured in Apache? or would it have
to be done in rails? I’m not that familiar with apache, but it seems
that it would be much faster at this task if it can be setup that way.
I am sure it can be configured in either place. Don’t know how to do it
in Apache though.
You can also do things like check the referer to make sure that the
image request is is coming from the proper domain.
Is this something that could be configured in Apache? or would it have
to be done in rails? I’m not that familiar with apache, but it seems
that it would be much faster at this task if it can be setup that way.
Also this can be gotten around as the only way your server knows the
referer is based on a header the browser supplies. So if I wanted to I
could just fake it…
(someone please correct me if I’m wrong)
-philip
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.