Using user editable image URL in application. Security issues.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by sharas on Stack Overflow See other posts from Stack Overflow or by sharas
Published on 2010-05-21T19:06:22Z Indexed on 2010/05/21 19:10 UTC
Read the original article Hit count: 150

Filed under:
|
|
|
|

Hi there.

I am writing an application where users are required to show their photo, however as my server resources are very limited I can not let them upload it to the server.

So I have three major questions:

1. How to properly validate photo URL? At least I can validate with regexp, however I need to check for file ending:

`validates_format_of :photo_url, :with => URI::regexp(%w(http https))`

2. Security issues? XSS?

Even I validate the picture at the moment of creation, hacker can replace image with malicious stuff anytime.

3. Maybe there are free asset stores with API?

© Stack Overflow or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about ruby-on-rails

Related posts about assets

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle