[RFC] Add signature generation #96

Closed
joelwurtz opened this Issue Jul 10, 2017 · 1 comment


joelwurtz commented Jul 10, 2017

Hey,

Didn't find this in the doc, but maybe it's already implemented?

The goal of this RFC is to be able to use flyimg as a public media host (no domain restriction) but still provide security to prevent "bad" users from generating their own images (like doing a loop with +1 pixel width) and doing a DDoS attack.

A way to achieve that is to have, on the page creating the URL to this service and on flyimg, a shared key which allows encoding all the parameters with the URL into a signature, and to check this on the server (if the signature is invalid, throw a 403 / 404?). It's very similar to how thumbor works.

WDYT?
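
A minimal sketch of the shared-key scheme proposed above, as an added example that is not part of the original issue and is not flyimg's or thumbor's code. It assumes HMAC-SHA256, a hypothetical `/upload/<signature>/<options>/<image URL>` path layout, and a constructed key.

```python
import base64
import hashlib
import hmac

# Constructed key for the example; a real deployment uses a long random secret
# shared only by the page that builds URLs and the image server.
SHARED_KEY = b"constructed-example-key"


def sign(options: str, image_url: str, key: bytes = SHARED_KEY) -> str:
    """URL-safe HMAC-SHA256 over the transform options and the source URL."""
    # Length-prefix the options so ("a/b", "c") and ("a", "b/c") sign differently.
    message = f"{len(options)}:{options}/{image_url}".encode()
    digest = hmac.new(key, message, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def build_path(options: str, image_url: str, key: bytes = SHARED_KEY) -> str:
    """Run by the page that embeds the image (assumed path layout)."""
    return f"/upload/{sign(options, image_url, key)}/{options}/{image_url}"


def verify(path: str, key: bytes = SHARED_KEY):
    """Run by the image server before any processing.

    Returns (options, image_url) when the signature matches, otherwise None,
    in which case the server answers 403 without touching the image.
    """
    parts = path.split("/", 4)
    if len(parts) != 5 or parts[0] != "" or parts[1] != "upload":
        return None
    signature, options, image_url = parts[2:]
    expected = sign(options, image_url, key)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(signature.encode(), expected.encode()):
        return None
    return options, image_url


def accepted_widths(signed_path: str, widths) -> list:
    """Replay one valid signature against other widths (the "+1 pixel" loop)."""
    signature, _, image_url = signed_path.split("/", 4)[2:]
    return [w for w in widths
            if verify(f"/upload/{signature}/w_{w}/{image_url}") is not None]
```

Because the signature covers both the options and the source URL, a signature issued for one width cannot be reused for any other variant, so unsigned resize loops are rejected before any image processing starts.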

Member

sadok-f commented Jul 11, 2017

@joelwurtz Indeed, this PR is a must-have on Flyimg.
Currently, the restricted domains are the only security layer; the server could fail with DDoS.
I checked the Thumbor implementation:
https://github.com/thumbor/thumbor/wiki/Security
Very straightforward and simple to implement; we hope we can add this soon.
Many thanks for raising this topic.

@sadok-f sadok-f added this to the Version 1.1 milestone Jul 13, 2017

@sadok-f sadok-f self-assigned this Jul 13, 2017

sadok-f added a commit that referenced this issue Jul 21, 2017

sadok-f added a commit that referenced this issue Jul 21, 2017

@sadok-f sadok-f closed this in 2ca0d25 Aug 21, 2017

sadok-f added a commit that referenced this issue Aug 21, 2017

Merge pull request #104 from flyimg/add-signature-generation
[WIP]Add signature generation: Closes #96