Revisions to Uploading and showing images securely

Notice removed Authoritative reference needed by captain monk

occurred Nov 15, 2018 at 12:48

Bounty Ended with Your Common Sense's answer chosen by captain monk

occurred Nov 15, 2018 at 12:48

added 1 character in body

Source Link

edited Nov 11, 2018 at 7:18

Do you spot anything wrong regarding permissions?
Are the checks that I do in upload_images.php to check that the files that are being uploaded are images of the allowed formatformats sufficient? Could I do something better?
Fetching multiple images using base64_encode(file_get_contents($images[$i])) seems a bit slow and also the string that is being put inside img src is huge...can this be a problem (for example images don't appear in xiaomis MIUI browser)? Is there a better alternative?
Let's say that a malicious image bypasses my checks during uploading. When I fetch an images using the following PHP code get the response in js using ajax and then append it to the dom to be shown to the user using <img src='data:"+ data.extention[i] +";base64," + data.images[i] + "'> is it possible to be harmful in any way?
Is storing images outside of root trying to prevent access of malicious users too much of a hassle? Is it better maybe (security-speed-browser compatibility wise) to just store them inside root and make use of .htaccess to prevent someone from doing harm? Would an .htaccess like the following ( secure_images/.htaccess ) be sufficient for that purpose?

Do you spot anything wrong regarding permissions?
Are the checks that I do in upload_images.php to check that the files that are being uploaded are images of the allowed format sufficient? Could I do something better?
Fetching multiple images using base64_encode(file_get_contents($images[$i])) seems a bit slow and also the string that is being put inside img src is huge...can this be a problem (for example images don't appear in xiaomis MIUI browser)? Is there a better alternative?
Let's say that a malicious image bypasses my checks during uploading. When I fetch an images using the following PHP code get the response in js using ajax and then append it to the dom to be shown to the user using <img src='data:"+ data.extention[i] +";base64," + data.images[i] + "'> is it possible to be harmful in any way?
Is storing images outside of root trying to prevent access of malicious users too much of a hassle? Is it better maybe (security-speed-browser compatibility wise) to just store them inside root and make use of .htaccess to prevent someone from doing harm? Would an .htaccess like the following ( secure_images/.htaccess ) be sufficient for that purpose?

Do you spot anything wrong regarding permissions?
Are the checks that I do in upload_images.php to check that the files that are being uploaded are images of the allowed formats sufficient? Could I do something better?
Fetching multiple images using base64_encode(file_get_contents($images[$i])) seems a bit slow and also the string that is being put inside img src is huge...can this be a problem (for example images don't appear in xiaomis MIUI browser)? Is there a better alternative?
Let's say that a malicious image bypasses my checks during uploading. When I fetch an images using the following PHP code get the response in js using ajax and then append it to the dom to be shown to the user using <img src='data:"+ data.extention[i] +";base64," + data.images[i] + "'> is it possible to be harmful in any way?
Is storing images outside of root trying to prevent access of malicious users too much of a hassle? Is it better maybe (security-speed-browser compatibility wise) to just store them inside root and make use of .htaccess to prevent someone from doing harm? Would an .htaccess like the following ( secure_images/.htaccess ) be sufficient for that purpose?

added 28 characters in body

Source Link

edited Nov 10, 2018 at 12:07

Do you spot anything wrong regarding permissions?
Are the checks that I do in upload_images.php to check that the files that are being uploaded are images of the allowed format sufficient? Could I do something better?
Fetching multiple images using base64_encode(file_get_contents($images[$i])) seems a bit slow and also the string that is being put inside img src is huge...can this be a problem (for example images don't appear in xiaomis MIUI browser)? Is there a better alternative?
Let's say that a malicious image bypasses my checks during uploading. When I fetch an images using the following PHP code get the response in js using ajax and then append it to the dom to be shown to the user using <img src='data:"+ data.extention[i] +";base64," + data.images[i] + "'> is it possible to be harmful in any way?
Is storing images outside of root trying to prevent access of malicious users too much of a hassle? Is it better maybe (security-speed-browser compatibility wise) to just store them inside root and make use of .htaccess to prevent someone from doing harm? Would an .htaccess like the following ( secure_images/.htaccess ) be sufficient for that purpose?

Do you spot anything wrong regarding permissions?
Are the checks that I do in upload_images.php to check that the files that are being uploaded are images of the allowed format sufficient? Could I do something better?
Fetching multiple images using base64_encode(file_get_contents($images[$i])) seems a bit slow and also the string that is being put inside img src is huge...can this be a problem (for example images don't appear in xiaomis MIUI browser)? Is there a better alternative?
Let's say that a malicious image bypasses my checks during uploading. When I fetch an images using the following PHP code get the response in js using ajax and then append it to the dom to be shown to the user using <img src='data:"+ data.extention[i] +";base64," + data.images[i] + "'> is it possible to be harmful in any way?
Is storing images outside of root trying to prevent access of malicious users too much of a hassle? Is it better maybe (security-speed-browser compatibility wise) to just store them inside root and make use of .htaccess to prevent someone from doing harm? Would an .htaccess like the following be sufficient for that purpose?

Do you spot anything wrong regarding permissions?
Are the checks that I do in upload_images.php to check that the files that are being uploaded are images of the allowed format sufficient? Could I do something better?
Fetching multiple images using base64_encode(file_get_contents($images[$i])) seems a bit slow and also the string that is being put inside img src is huge...can this be a problem (for example images don't appear in xiaomis MIUI browser)? Is there a better alternative?
Let's say that a malicious image bypasses my checks during uploading. When I fetch an images using the following PHP code get the response in js using ajax and then append it to the dom to be shown to the user using <img src='data:"+ data.extention[i] +";base64," + data.images[i] + "'> is it possible to be harmful in any way?
Is storing images outside of root trying to prevent access of malicious users too much of a hassle? Is it better maybe (security-speed-browser compatibility wise) to just store them inside root and make use of .htaccess to prevent someone from doing harm? Would an .htaccess like the following ( secure_images/.htaccess ) be sufficient for that purpose?