Improve security of image filenames #87

Closed
ausi opened this issue Dec 31, 2021 · 4 comments · Fixed by #90
@ausi
Member

ausi commented Dec 31, 2021

The paths for resized versions of private images should not be guessable for security reasons.

See contao/contao@9c517c7 (#3848)

@ausi ausi added the feature label Dec 31, 2021
@ausi ausi self-assigned this Dec 31, 2021
@ausi
Member Author

ausi commented Jan 19, 2022

Idea for better backwards compatibility:

Still calculate the old hash, and if the resized image already exists with the old name, return it. But if it does not exist, create a new image with the new hash algorithm instead.
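
The fallback described in the comment above, sketched as an added example (not code from contao/image or from this thread). The unkeyed SHA-256 legacy digest, the HMAC-SHA256 replacement, the path layout and every function name are assumptions, since the issue does not say which algorithms are used.

```php
<?php
declare(strict_types=1);

// Added example: hash inputs, name layout and secret handling are assumptions,
// not the contao/image implementation.

function buildName(string $sourcePath, string $digest): string
{
    $info = pathinfo($sourcePath);
    // Shard by first hex digit, keep the readable base name, append the digest.
    return $digest[0].'/'.$info['filename'].'-'.substr($digest, 1).'.'.($info['extension'] ?? 'bin');
}

// Old scheme (assumed): unkeyed digest of inputs an outsider may know.
function legacyName(string $sourcePath, string $options): string
{
    return buildName($sourcePath, substr(hash('sha256', $sourcePath."\0".$options), 0, 16));
}

// New scheme (assumed): HMAC keyed with a server-side secret.
function keyedName(string $sourcePath, string $options, string $secret): string
{
    return buildName($sourcePath, substr(hash_hmac('sha256', $sourcePath."\0".$options, $secret), 0, 32));
}

// Reuse an existing legacy file; write anything new under the keyed name only.
function resolveCachePath(string $cacheDir, string $sourcePath, string $options, string $secret, callable $resize): string
{
    $legacy = legacyName($sourcePath, $options);
    if (is_file($cacheDir.'/'.$legacy)) {
        return $legacy; // stays guessable until this cache entry is regenerated
    }
    $keyed = keyedName($sourcePath, $options, $secret);
    $target = $cacheDir.'/'.$keyed;
    if (!is_file($target)) {
        if (!is_dir(dirname($target))) {
            mkdir(dirname($target), 0775, true);
        }
        $resize($sourcePath, $target);
    }
    return $keyed;
}

// Constructed demo: the "resizer" is plain copy(), the source is a dummy file.
$cacheDir = sys_get_temp_dir().'/img-cache-'.bin2hex(random_bytes(4));
$source = sys_get_temp_dir().'/private-photo-'.bin2hex(random_bytes(4)).'.jpg';
file_put_contents($source, 'constructed image bytes');
$secret = random_bytes(32); // in practice a persistent application secret
echo resolveCachePath($cacheDir, $source, 'w=200;h=200;mode=crop', $secret, 'copy'), "\n";
```

Files served through the legacy branch keep their old names, so resized private images already in the cache only get unguessable paths once those entries are deleted and regenerated.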

@leofeyer
Member

Do we need backwards compatibility? We could also ask the users to rebuild their cache.

@ausi
Member Author

ausi commented Jan 19, 2022

> We could also ask the users to rebuild their cache.

This can be a very huge number of images that have to be regenerated. If the backwards compatibility can be achieved without too much effort, I would favor it.

@ausi
Member Author

ausi commented Mar 20, 2022

Closed in favor of #90

@ausi ausi closed this as completed Mar 20, 2022