Need to specify exactly what versions are "available"; being able to request for any size means service is open to DOS

[choonkeat]

Proposal 1 add GEOMETRY_WHITELIST key to vhost config, e.g.

"aws.example.com":
  "GEOMETRY_WHITELIST":
    - "64x64#"
    - "400x>"
    - "1024x>"

Though it may appear we regress into "predefined styles" land, but this is a late binding (as oppose to upfront early binding like Paperclip et al)

Proposal 2 Require all the resize urls be signed, so arbitrary sizes cannot be requested at all.

Impact on caching? browser js ux (upload and request for preview image)?

@janko-m @laurenceputra

[choonkeat]

Proposal 3 in production, use imgix for the download api, and let them handle the traffic https://github.com/choonkeat/attache/wiki/Integrate-with-imgix.com