[RFC] Add signature generation #96

Closed
joelwurtz opened this issue Jul 10, 2017 · 1 comment

@joelwurtz joelwurtz commented Jul 10, 2017

Hey,

Didn't find this in the doc, but maybe it's already implemented?

Goal of this RFC is to be able to use flyimg as a public hosting media (no domain restriction) but still provide security to prevent "bad" users from generating their own images (like doing a loop with +1 pixel width) and doing a DDoS attack.

A way to achieve that is to have, on the page creating the URL to this service and on flyimg, a shared key which allows encoding all the parameters with the URL into a signature, and to check this on the server (if the signature is invalid, throw a 403 / 404?). It's very similar to how thumbor works.

WDYT?
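
The signed-URL check proposed above, as an added example that is not part of the original post and is not Flyimg's or Thumbor's code. It assumes HMAC-SHA256, a hypothetical `/upload/<signature>/<options>/<image_url>` path layout, a constructed key, and illustrative function names.

```python
import base64
import hashlib
import hmac

# Constructed demo key (assumption). In practice this is a long random secret
# known only to the page generator and the image server, never to the browser.
SHARED_KEY = b"constructed-demo-key-not-for-production"


def sign(options: str, image_url: str, key: bytes = SHARED_KEY) -> str:
    """Return a URL-safe HMAC-SHA256 tag over the exact options and source URL."""
    # The server splits at the first "/" after the signature, so options never
    # contain "/", and "options/image_url" is an unambiguous message.
    message = f"{options}/{image_url}".encode("utf-8")
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag).rstrip(b"=").decode("ascii")


def build_path(options: str, image_url: str, key: bytes = SHARED_KEY) -> str:
    """Page side: hypothetical layout /upload/<signature>/<options>/<image_url>."""
    return f"/upload/{sign(options, image_url, key)}/{options}/{image_url}"


def check_request(path: str, key: bytes = SHARED_KEY) -> int:
    """Server side: 200 if the signature matches the parameters, else 403."""
    parts = path.split("/", 4)  # ['', 'upload', signature, options, image_url]
    if len(parts) != 5 or parts[0] != "" or parts[1] != "upload":
        return 403
    _, _, signature, options, image_url = parts
    expected = sign(options, image_url, key)
    # Constant-time comparison so response timing does not leak the tag.
    if not hmac.compare_digest(signature.encode("utf-8"), expected.encode("utf-8")):
        return 403
    return 200  # only now is it safe to fetch and transform the image


if __name__ == "__main__":
    good = build_path("w_300,h_250", "https://example.org/cat.jpg")
    # The "+1 pixel" loop from the issue: same signature, altered width.
    tampered = good.replace("w_300", "w_301")
    print(good, check_request(good))
    print(tampered, check_request(tampered))
```

Because the check runs before any image is fetched or resized, a request with altered parameters costs the server one HMAC computation instead of a full transformation.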


@sadok-f sadok-f commented Jul 11, 2017

@joelwurtz Indeed this PR is a must have on Flyimg.
Currently, the restricted domains are the only security layer; the server could fail with DDOS.
I checked the Thumbor implementation:
https://github.com/thumbor/thumbor/wiki/Security
Very straightforward and simple to implement. We hope we can add this soon.
Many thanks for raising this topic.

@sadok-f sadok-f added this to the Version 1.1 milestone Jul 13, 2017
@sadok-f sadok-f self-assigned this Jul 13, 2017
sadok-f added a commit that referenced this issue Jul 21, 2017
sadok-f added a commit that referenced this issue Jul 21, 2017
@sadok-f sadok-f closed this in 2ca0d25 Aug 21, 2017
sadok-f added a commit that referenced this issue Aug 21, 2017
[WIP]Add signature generation: Closes #96