How to prevent DOS attacks using image resizing in an ASP.NET application?

Posted by Waleed Eissa on Stack Overflow
Published on 2009-01-08T11:12:56Z Indexed on 2010/04/07 0:23 UTC


I'm currently developing a site where users can upload images to use as avatars. I know this makes me sound a little paranoid, but I was wondering: what if a malicious user uploads an image with incredibly large dimensions that will eat the server memory (as a DOS attack)? I already have a limit on the file size that can be uploaded (250 k), but even that size can allow for an image with incredibly large dimensions if the image, for example, is a JPEG that contains one color and was created with a very low quality setting. Taking into consideration that the image is uploaded as a bitmap in memory when being resized (i.e. not compressed), I wonder if such DOS attacks occur. Even to check the image dimensions, it has to be uploaded in memory first. Did you hear about any attacks that exploited this? Am I too worried?
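One way to bound the decoded size before any bitmap is allocated, shown as an added example that is not part of the original post: read the width and height from the JPEG start-of-frame header and reject the upload when the pixel count exceeds a budget. The names `JpegGate`, `TryReadSize`, `IsAcceptable` and the `MaxPixels` value are assumptions, and the sketch covers JPEG only; other accepted formats need their own header reader.

```csharp
using System;
using System.IO;

// Added example, not code from the original post. JpegGate, TryReadSize,
// IsAcceptable and the MaxPixels budget are hypothetical names and values.
public static class JpegGate
{
    public const long MaxPixels = 4000000; // assumed cap on width * height

    // Walks JPEG marker segments and reads the dimensions from the first
    // start-of-frame (SOF) header. No pixel data is decoded.
    public static bool TryReadSize(Stream s, out int width, out int height)
    {
        width = height = 0;
        if (s.ReadByte() != 0xFF || s.ReadByte() != 0xD8) return false; // no SOI
        while (true)
        {
            int b = s.ReadByte();
            if (b < 0) return false;                 // truncated before any SOF
            if (b != 0xFF) continue;                 // resynchronise on a marker
            int marker;
            do { marker = s.ReadByte(); } while (marker == 0xFF); // fill bytes
            if (marker < 0 || marker == 0xD9 || marker == 0xDA) return false; // EOF, EOI or SOS first
            if (marker == 0x01 || (marker >= 0xD0 && marker <= 0xD7)) continue; // no length field
            int hi = s.ReadByte(), lo = s.ReadByte();
            int len = (hi << 8) | lo;                // includes its own 2 bytes
            if (lo < 0 || len < 2) return false;
            bool sof = marker >= 0xC0 && marker <= 0xCF &&
                       marker != 0xC4 && marker != 0xC8 && marker != 0xCC;
            if (sof)
            {
                s.ReadByte();                        // sample precision
                int h1 = s.ReadByte(), h2 = s.ReadByte();
                int w1 = s.ReadByte(), w2 = s.ReadByte();
                if (len < 7 || w2 < 0) return false;
                height = (h1 << 8) | h2;
                width = (w1 << 8) | w2;
                return width > 0 && height > 0;      // height 0 (DNL) is rejected
            }
            for (int i = 0; i < len - 2; i++)        // skip the segment payload
                if (s.ReadByte() < 0) return false;
        }
    }

    // True only when the header parses and the decoded bitmap stays in budget.
    public static bool IsAcceptable(Stream s)
    {
        int w, h;
        return TryReadSize(s, out w, out h) && (long)w * h <= MaxPixels;
    }
}
```

Run `IsAcceptable` on the upload stream before passing the file to the resizing code, then rewind or reopen the stream for the decoder.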
