Using user editable image URL in application. Security issues.
Posted by sharas on Stack Overflow
Published on 2010-05-21T19:06:22Z
Indexed on 2010/05/21 19:10 UTC
Hi there.
I am writing an application where users are required to show their photo; however, as my server resources are very limited, I cannot let them upload it to the server.
So I have three major questions:
1. How to properly validate the photo URL? At least I can validate with a regexp; however, I need to check for the file ending:
`validates_format_of :photo_url, :with => URI::regexp(%w(http https))`
2. Security issues? XSS?
Even if I validate the picture at the moment of creation, a hacker can replace the image with malicious stuff anytime.
3. Maybe there are free asset stores with API?
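
One way to approach questions 1 and 2, as an added example that is not part of the original post: parse the whole submitted string as a URI, allow only http/https with a host and an image file ending, and HTML-escape the value when it is rendered. The extension allowlist, the length limit and the helper names `safe_photo_url` and `photo_tag` are assumptions made for illustration.

```ruby
require 'uri'
require 'erb'

# Assumed allowlist of image file endings; adjust to the application.
ALLOWED_EXTENSIONS = %w[.jpg .jpeg .png .gif].freeze
MAX_URL_LENGTH = 2048 # assumed upper bound

# Returns the URL string if it is an acceptable photo URL, otherwise nil.
def safe_photo_url(raw)
  return nil unless raw.is_a?(String) && raw.length <= MAX_URL_LENGTH
  # Reject whitespace and HTML metacharacters outright.
  return nil if raw =~ /[\s"'<>]/

  # The whole string must parse as one URI; a pattern match that is not
  # anchored can succeed on a URL embedded in a longer string.
  uri = URI.parse(raw)
  return nil unless uri.is_a?(URI::HTTP)          # http or https only
  return nil if uri.host.nil? || uri.host.empty?
  return nil unless uri.userinfo.nil?             # no user:password@ part

  ext = File.extname(uri.path.to_s).downcase
  ALLOWED_EXTENSIONS.include?(ext) ? uri.to_s : nil
rescue URI::InvalidURIError
  nil
end

# Builds the tag with the URL HTML-escaped (the same escaping as Rails' `h`).
def photo_tag(raw)
  url = safe_photo_url(raw)
  return '' if url.nil?
  %(<img src="#{ERB::Util.html_escape(url)}" alt="user photo">)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  [
    'https://example.com/photo.png',
    'http://example.com/avatar.php',
    'ftp://example.com/a.png',
    'javascript:alert(1) http://example.com/a.png'
  ].each { |s| puts "#{s.inspect} => #{safe_photo_url(s).inspect}" }
end
```

These checks constrain only the URL string: the file ending says nothing about what the remote host actually serves, and, as point 2 notes, that content can change after validation.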
© Stack Overflow or respective owner