Using user editable image URL in application. Security issues.

Posted by sharas on Stack Overflow See other posts from Stack Overflow or by sharas
Published on 2010-05-21T19:06:22Z Indexed on 2010/05/21 19:10 UTC
Read the original article Hit count: 171

Filed under:
|
|
|
|

Hi there.

I am writing an application where users are required to show their photo, however as my server resources are very limited I can not let them upload it to the server.

So I have three major questions:

1. How to properly validate photo URL? At least I can validate with regexp, however I need to check for file ending:

`validates_format_of :photo_url, :with => URI::regexp(%w(http https))`

2. Security issues? XSS?

Even I validate the picture at the moment of creation, hacker can replace image with malicious stuff anytime.

3. Maybe there are free asset stores with API?

© Stack Overflow or respective owner

Related posts about ruby-on-rails

Related posts about assets