Will using image URLs make my website hackable?

I’m creating a chatting website.

I want to use profile pictures as URLs (such as this pic) instead of letting the user upload his/her profile picture on my server.
I know that some png/jpg images may be fake or not even an image.

So my question is, will using URLs instead of letting users upload the profile pictures to my server be safe, or will it be risky?

If you just plan on providing a text field which a user can place text and outputting that text directly to the webpage then yes that is a huge security vulnerability. What is the problem with just allowing them to upload a picture and running validation on it? If that is too complex for you to figure out then I would highly recommend using a CMS platform that already provides that type of functionality and more. Uploading a picture is a basic feature of just about every CMS in existence.

Bottom line: unless the user works for you/your company or is an affiliate, nothing they provide should be trusted without certain levels of validation depending on the content/media. Especially not just providing a text field which anything can be placed. If you think it is too difficult to follow that basic security precaution then you probably should be using an open/closed source CMS of some kind.

1 Like

You can easily do this by checking for mime content type, but seeing how this is deprecated, you can use fileinfo.

These 2 options check to see what the file really actually is. If you create a file with the filename test.txt and then change it to test.jpg, both mime content type and fileinfo will catch the file having a mime type of text/plain. This is actually a good thing because then you know that the legit file was not created via a photo editing software.

Most people get these 2 options mixed with file extension checking. So instead of checking for mime content type, what the average Joe would check for is the file extension name which is not a safe idea. Let’s say you have something like test.php.jpg. Well, the file extension does end in a .jpg; however, since PHP will execute the first period, it is not safe.

1 Like

The mime type can also be faked.

1 Like

That’s why you should use fileinfo as I said before. You could check the first few bytes of the file to see if it has the correct image header. It is explained in the notes of the official PHP docs.

http://php.net/manual/en/function.finfo-open.php

What I suggest is to actually do a full sweep instead of taking the easy way out and saying that it is “redundant” to use such a tactic. What you should be doing is checking to see if mime type is right. If not, throw them an error. If it does, then check to see if the first few bytes are good. If not, then display them an error. If so, then allow them to upload the file.

Again, someone is going to say “this is redundant”. Even so, it’s safe to check every measure instead of just finding 1 thing to protect from.

It’s like trying to protect yourself from a hacker. You think that it’s “redundant” to think of every little place or target a hacker might look for, but when you get hacked, I told you so… That’s why you should look for everything and anything. Instead of trying to save time, you should be trying to save your work.

EDIT: Here’s something I found on mime type spoofing. The best answer states what I just said.

http://stackoverflow.com/questions/8028184/mime-type-spoofing/8028436#8028436

1 Like

I prefer getimagesize() to check images as it also gives dimensions of the image.
Dimensions is what you need to know anyway, if you don’t want users with 3500x2000 avatars.
For non-image files that function returns false.

1 Like

Again. This falls under not checking everything. Checking to see if dimensions can be spoofed. If someone can easily spoof the image header of mime type, they can easily spoof the dimensions.

Also, shouldn’t you be cropping the original picture into your desired dimensions? I think you should be keeping the original in case your crops went wrong. That way you could re-crop the dimensions again if something happens.

1 Like

Sure. Checking file with getimagesize() is just a first step. But there are a few more:

  1. Open uploaded image and re-save it (optionally resized) using GD or something; That will ruin original file if it didn’t contain an image;
  2. Save image with a different name, add something random to it;
  3. Save images to the folder where PHP is disabled; Ideally, content from that folder should be served with another server without PHP installed at all.

These steps seriously decrease your chances to be hacked via image uploads.

1 Like
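
The checks suggested in this thread combined into one upload handler (fileinfo type check, getimagesize() header and dimension check, GD re-save, random file name), as an added example that is not code from any poster. The function name `store_avatar`, the 4000-pixel limit and the 256-pixel target size are assumptions, and the destination is assumed to be a directory where PHP is disabled.

```php
<?php
declare(strict_types=1);
// Hypothetical helper (not from the thread). $destDir is assumed to be a
// directory where PHP execution is disabled, as step 3 above recommends.
function store_avatar(string $tmpPath, string $destDir, int $maxSide = 256): string
{
    // fileinfo reads the file's bytes, not its name or the client-sent type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if (!in_array($mime, ['image/jpeg', 'image/png'], true)) {
        throw new RuntimeException('rejected: not a JPEG or PNG');
    }
    // getimagesize() returns false for non-images and reports the
    // dimensions from the header, before any pixel data is decoded.
    $info = @getimagesize($tmpPath);
    if ($info === false || $info['mime'] !== $mime) {
        throw new RuntimeException('rejected: image header check failed');
    }
    [$w, $h] = $info;
    if ($w < 1 || $h < 1 || $w > 4000 || $h > 4000) { // constructed limit
        throw new RuntimeException('rejected: unacceptable dimensions');
    }
    // Decode and re-encode with GD: only pixel data reaches the stored file.
    $data = file_get_contents($tmpPath);
    $src = $data === false ? false : @imagecreatefromstring($data);
    if ($src === false) {
        throw new RuntimeException('rejected: GD could not decode the image');
    }
    $scale = min(1.0, $maxSide / max($w, $h));
    $dst = imagescale($src, max(1, (int) round($w * $scale)), max(1, (int) round($h * $scale)));
    // Random server-chosen name and extension; the user's file name is never used.
    $name = bin2hex(random_bytes(16)) . '.png';
    if ($dst === false || !imagepng($dst, $destDir . '/' . $name)) {
        throw new RuntimeException('could not write avatar');
    }
    return $name;
}

// Constructed demo inputs: a real 600x400 PNG and a text file named test.jpg.
$dir = sys_get_temp_dir();
$good = tempnam($dir, 'ava');
imagepng(imagecreatetruecolor(600, 400), $good);
$fake = $dir . '/test.jpg';
file_put_contents($fake, 'just some text');
echo 'stored as ', store_avatar($good, $dir), PHP_EOL;
try {
    store_avatar($fake, $dir);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```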

Thanks, but I already have used Gravatar link to obtain a profile picture in a secured method so thanks again :smiley:
