Reputation: 11
We are currently testing out the Image Resizer library, and one of the questions is: how do we avoid malicious attacks on the site if someone programmatically sends thousands of resize requests for images with arbitrary sizes to the server, overloading the server's CPU/RAM and potentially causing disk space to run out due to a tremendous number of cache files?
Is there any way to whitelist certain dimensions? Or what is the best practice to avoid this scenario?
Thanks! Stephen
Upvotes: 1
Views: 406
Reputation: 16468
Neither CPU nor RAM can generally be overloaded during a (D)DOS attack on ImageResizer. Memory allocation is contiguous, meaning an image cannot be processed unless there is around 15-30% free RAM remaining. Under the default pipeline, only 2 cores are used for image processing, so a regular server will not see CPU saturation either.
In general, there are far more effective ways to attack an ASP.NET website than through ImageResizer. Any database-heavy page is more likely to be a weak point, as the memory allocations are smaller and it is easier to saturate the server with them.
Disk space starvation can be mitigated by enabling autoClean="true".
If you're a high-profile site with lots of determined ill-wishers, you can also consider the following:
Both of these reduce development agility and limit your options for responsive web design, so unless you have actually been attacked in the past, I don't suggest them.
In practice, (D)DOS attacks against dynamic imaging software are rarely useful at bringing down anything except — temporarily — uncached images — even when running under the same application pool. Since visited images tend to be cached, the actual effect is rather laughable.
Upvotes: 1
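As an added example (not code from the question, the answer, or the ImageResizer project), here is one way to implement the dimension whitelist the question asks about: hook the ImageResizer pipeline at application start and refuse any request whose width/height pair is not on a fixed list, so an unlisted size is rejected before any CPU time or disk-cache space is spent on it. It assumes the v3-style event API (`Config.Current.Pipeline.AuthorizeImage`, `IUrlAuthorizationEventArgs` with `QueryString` and `AllowAccess`); the allowed sizes and the list of size-affecting query keys are constructed sample values for the example.

```csharp
// Added example, not part of the original post or the ImageResizer project.
// Assumes ImageResizer's v3-style pipeline events; verify names against the
// version you run. Sample sizes below are constructed for illustration.
using System;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Web;
using ImageResizer.Configuration;

public static class DimensionWhitelist
{
    // Constructed sample whitelist: the (width x height) pairs the site's own
    // markup actually requests. 0 means "unconstrained" on that axis.
    static readonly HashSet<string> Allowed =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        { "150x150", "300x0", "600x0", "1200x0" };

    // Other keys that let a caller change the output size or scaling work.
    // Any of these present => reject, so the whitelist cannot be sidestepped.
    static readonly HashSet<string> ForbiddenKeys =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        { "maxwidth", "maxheight", "scale", "zoom", "crop", "dpr" };

    // Reads width/height, accepting ImageResizer's short aliases w/h.
    static bool TryReadSize(NameValueCollection q, out int w, out int h)
    {
        w = 0; h = 0;
        string ws = q["width"] ?? q["w"] ?? "0";
        string hs = q["height"] ?? q["h"] ?? "0";
        return int.TryParse(ws, out w) && int.TryParse(hs, out h)
            && w >= 0 && h >= 0;
    }

    // True only if the request asks for no resize at all, or for a listed size.
    public static bool IsAllowed(NameValueCollection q)
    {
        foreach (string key in q.AllKeys)
            if (key != null && ForbiddenKeys.Contains(key)) return false;

        int w, h;
        if (!TryReadSize(q, out w, out h)) return false;   // malformed numbers
        if (w == 0 && h == 0) return true;                  // original, untouched
        return Allowed.Contains(w + "x" + h);
    }

    // Call once from Application_Start in Global.asax.
    public static void Register()
    {
        Config.Current.Pipeline.AuthorizeImage +=
            delegate(IHttpModule sender, HttpContext context,
                     IUrlAuthorizationEventArgs e)
            {
                // Denying here yields a 403 before the image is ever decoded,
                // so no cache file is written and no resize CPU is consumed.
                if (!IsAllowed(e.QueryString)) e.AllowAccess = false;
            };
    }
}
```

The check runs in the authorization step, ahead of processing, which is what makes it a real resource control rather than a cosmetic one: every unlisted size costs the server only a query-string parse. The trade-off is the one the answer names, since each new responsive breakpoint now needs a code or config change, so keep the list in configuration rather than hard-coded if you adopt this in production.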