Generating many images from different sizes automatically has DOS vulnerability (3h)

chintan39 / wildblog

Automatically exported from code.google.com/p/wildblog

Other

0 stars 0 forks source link

Generating many images from different sizes automatically has DOS vulnerability (3h) #361

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago

allow only some sizes?

Original issue reported on code.google.com by horak.honza@gmail.com on 12 Nov 2012 at 6:58

GoogleCodeExporter commented 9 years ago

we need to analyze first, what sizes we use

Original comment by horak.honza@gmail.com on 12 Nov 2012 at 6:58

GoogleCodeExporter commented 9 years ago

better to use the following approach:
1) when creating thumbnail path in code -> generate 
thumbnail/path/image.png.permit file
2) after then generate thumbnail only if permit file exists

Original comment by horak.honza@gmail.com on 30 Dec 2012 at 10:40

GoogleCodeExporter commented 9 years ago

permit file is created after analyzing created template and doesn't have to be 
checked if user is admin or content_admin.

Original comment by horak.honza@gmail.com on 31 Dec 2012 at 9:57

Changed state: Done