SoCkEt7

Reputation: 2277

Security issues when displaying external images

I've made a "wall" script that analyses a URL and gets some data from this URL.

I want to display images from this URL to get a thumb.

So my question is:

Is it possible to be 100% safe when displaying an image from external content?

For example, Facebook uses a "safe_image.php?urlOfThePicture".

Upvotes: 0

Views: 112

Answers (1)

akirilov

Reputation: 322

Is it possible to be 100% safe when displaying an image from external content?

In general, you can't be 100% safe with anything. However, you can do as much as possible to protect yourself and make compromise difficult.

The biggest danger here is probably CSRF. If you just display the image copying its original URL, you can easily grab a malicious URL that claims to be an image but actually sends a request to an arbitrary vulnerable site (your mail, your bank, etc). Facebook deals with this by actually creating a copy of each image uploaded so the image displayed to your browser is always safe.

If you have a program that downloads the image and generates thumbnails, you need to be sure that the program can deal with corrupt (malicious) images, otherwise that could be targeted and compromised.

Upvotes: 1
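The answer's last point, sketched as an added example that is not part of the original answer: a pre-check run on downloaded bytes before they reach a thumbnail generator, so the local copy is only made from data that really is an image of sane size. The function names and both limits are assumptions, and only PNG and GIF are handled to keep it short.

```python
import struct
import zlib

MAX_BYTES = 5 * 1024 * 1024      # assumed cap on the downloaded file size
MAX_PIXELS = 4096 * 4096         # assumed cap on decoded size (decompression bombs)

class RejectedImage(ValueError):
    """Raised when downloaded bytes must not reach the thumbnailer."""

def _png_size(data):
    # PNG: 8-byte signature, then an IHDR chunk (length 13) with width/height and CRC.
    if len(data) < 33 or data[8:16] != b"\x00\x00\x00\rIHDR":
        raise RejectedImage("truncated or malformed PNG header")
    if zlib.crc32(data[12:29]) != struct.unpack(">I", data[29:33])[0]:
        raise RejectedImage("PNG IHDR checksum mismatch")
    return struct.unpack(">II", data[16:24])

def _gif_size(data):
    # GIF: 6-byte signature, then little-endian 16-bit logical screen width/height.
    if len(data) < 10:
        raise RejectedImage("truncated GIF header")
    return struct.unpack("<HH", data[6:10])

SNIFFERS = {
    b"\x89PNG\r\n\x1a\n": ("image/png", _png_size),
    b"GIF87a": ("image/gif", _gif_size),
    b"GIF89a": ("image/gif", _gif_size),
}

def precheck_image(data):
    """Return (mime, width, height) for bytes that may go to the thumbnailer."""
    if len(data) > MAX_BYTES:
        raise RejectedImage("file too large")
    for magic, (mime, size_of) in SNIFFERS.items():
        if data.startswith(magic):
            width, height = size_of(data)
            if width == 0 or height == 0 or width * height > MAX_PIXELS:
                raise RejectedImage("unreasonable dimensions %dx%d" % (width, height))
            return mime, width, height
    # Type is decided from the bytes, never from the URL suffix or Content-Type header.
    raise RejectedImage("not an allowed image type")

def make_png_header(width, height):
    """Constructed sample input: PNG signature plus a valid IHDR chunk only."""
    ihdr = b"IHDR" + struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    return b"\x89PNG\r\n\x1a\n" + struct.pack(">I", 13) + ihdr + struct.pack(">I", zlib.crc32(ihdr))
```

Bytes that pass this check should still be decoded and re-encoded by the thumbnailer, so that the file served to visitors is the site's own copy rather than the remote one.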
