Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
[RFC] Add signature generation #96
Didn't find this in the doc, but maybe it's already implemented ?
Goal of this RFC is to be able to use flyimg as a public hosting media (no domain restriction) but still provides security to avoid "bad" users to generate their owns image (like doing a loop with +1 pixel width) and doing a DDOS attack.
A way to achieve that is to have on the page creating the url to this service, and on flyimage a shared key whichs allows to encode all the parameters with the url into a signature, and check this on the server (if signature invalid throw a 403 / 404 ?). It's very similar on how thumbor works.
@joelwurtz Indeed this PR is a must have on Flyimg.