Closed adelikat closed 1 year ago
Oh, this was already added as an issue? Great, that means I will not have to add it. :)
I think this would be a very good move. I don't know how many times "free" image hosting sites stopped being free or started serving large warning images, and staff had to go through and remove image links.
Additional benefit: we can actually enforce 100x100 pixel, max file size and image format compliance, because the image cannot be changed by the user after the upload moment (which today is the only time the size is checked).
The downside I've heard (during the go-live voice chat) is that potentially illegal material could be uploaded to our servers, rather than some external server. But this is already the case, since we let users upload userfiles which aren't screened for content. The zip files and zip-like files like bk2 could potentially house anything. Also it is difficult to fit much illegality in 9 kB of data, so I don't think this should be an issue.
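A sketch of the upload-time check discussed in the comment above, as an added example that is not part of the thread or the TASVideos code base. It assumes the 9 kB figure is the size limit, treats 100x100 as an upper bound, and accepts only PNG and GIF; all names are hypothetical.

```python
import struct
import zlib

MAX_BYTES = 9 * 1024   # assumption: the "9 kB" mentioned in the thread
MAX_SIDE = 100         # assumption: 100x100 is treated as an upper bound
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"


class AvatarRejected(ValueError):
    """Raised when an uploaded avatar fails a policy check."""


def check_avatar(data: bytes) -> tuple[str, int, int]:
    """Return (format, width, height) or raise AvatarRejected."""
    if len(data) > MAX_BYTES:
        raise AvatarRejected("file too large")
    if data.startswith(PNG_MAGIC):
        # IHDR must be the first chunk: length 13, b"IHDR", width, height, ...
        if len(data) < 33 or data[8:16] != b"\x00\x00\x00\rIHDR":
            raise AvatarRejected("malformed PNG header")
        # The chunk CRC covers the type and data fields (bytes 12..28).
        if zlib.crc32(data[12:29]) != struct.unpack(">I", data[29:33])[0]:
            raise AvatarRejected("bad IHDR checksum")
        fmt, (w, h) = "png", struct.unpack(">II", data[16:24])
    elif data[:6] in (b"GIF87a", b"GIF89a"):
        if len(data) < 10:
            raise AvatarRejected("truncated GIF header")
        # Logical screen width and height are little-endian 16-bit values.
        fmt, (w, h) = "gif", struct.unpack("<HH", data[6:10])
    else:
        # Decide by magic bytes, never by file extension or Content-Type.
        raise AvatarRejected("unsupported format")
    if not (1 <= w <= MAX_SIDE and 1 <= h <= MAX_SIDE):
        raise AvatarRejected(f"bad dimensions {w}x{h}")
    return fmt, w, h


def make_png_header(w: int, h: int) -> bytes:
    """Constructed sample: PNG signature plus IHDR chunk only, not a full image."""
    ihdr = b"IHDR" + struct.pack(">IIBBBBB", w, h, 8, 6, 0, 0, 0)
    return PNG_MAGIC + struct.pack(">I", 13) + ihdr + struct.pack(">I", zlib.crc32(ihdr))
```

This inspects header fields only; decoding and re-encoding the image server-side would additionally confirm that the whole file parses.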
I've totally skimmed over zip userfiles and shady images while thinking about security, thank you for bringing up the topic.
Common image upload scenario on community websites:
I think this wouldn't be necessary if we did https://github.com/TASVideos/tasvideos/issues/640 as @YoshiRulz linked. I think that is the more promising route to take, so much so that I want to close this ticket in favor of that one.
Another point that I don't think has been mentioned yet: Since the URIs provided by users are passed on to other users verbatim, a malicious user could track others (the simple IP + User-Agent kind of tracking), or possibly exploit vulns in browsers' image processing code.
Rather than having whatever sketch image hosting site tripping users' browser security, it would be nice if we could support them uploading to tasvideos.
We should permission-restrict this, even if it is given out by default (likely not, maybe experienced forum users at least).
It should be easy to block/ban an avatar in case of abuse.
Probably a host of other logistical issues.