doubledee — 2012-02-13T17:03:10-05:00 — #1
Has anyone used a Graphics Program to "sanitize" Images that are being uploaded to your website?
In my researching how to allow Users to securely upload pictures to my website, it has been said by a few that you should convert the Original Images to an intermediary format (e.g. BMP) and then convert the stripped version back to a Standard Format (e.g. JPEG).
This sounds complicated, scary, and possibly expensive?! :-/
eastcoast — 2012-02-13T17:52:10-05:00 — #2
You don't need to use ImageMagick; image reprocessing within PHP using GD will strip EXIF, and if you do a resize, this should juggle the pixel data to sufficiently disrupt any malicious executable code that an attacker might try and insert. If you have to go to these lengths though you're missing other necessary precautions for user uploaded files.
doubledee — 2012-02-13T19:31:36-05:00 — #3
What is the difference between GD and ImageMagick?
And where would I begin with either?
Are they free or pay software?
Are they hard to use?
"If you have to go to these lengths though you're missing other necessary precautions for user uploaded files."
What things do you feel that I am missing?
eastcoast — 2012-02-14T13:10:23-05:00 — #4
GD is a PHP module which is generally installed by default. ImageMagick is a standalone set of applications that are often connected to PHP (but not on all hosting). Both are entirely free.
You can read more about the gd functions here:
They are very easy to use.
With regards to what you are missing, this is probably better addressed in your other thread regarding image upload security.
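The GD re-encoding described in reply #2, written out in PHP as an added example (not code from any poster in this thread). The function name `reencode_upload`, the size limits and the sample file are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (name and limits are assumptions, not from the thread):
// decode the upload with GD and write a brand-new JPEG from the pixels only.
function reencode_upload(string $src, string $dst, int $maxSide = 1600): bool
{
    $info = @getimagesize($src);              // false if not a recognised image
    if ($info === false) {
        return false;
    }
    [$w, $h, $type] = $info;
    // Refuse huge dimensions before decoding, to bound memory use.
    if ($w < 1 || $h < 1 || $w * $h > 40000000) {
        return false;
    }
    // Allowlist of decoders, chosen from the file's content, not its name.
    $decoders = [
        IMAGETYPE_JPEG => 'imagecreatefromjpeg',
        IMAGETYPE_PNG  => 'imagecreatefrompng',
        IMAGETYPE_GIF  => 'imagecreatefromgif',
    ];
    if (!isset($decoders[$type])) {
        return false;
    }
    $in = @$decoders[$type]($src);
    if ($in === false) {
        return false;                         // header looked fine, data did not decode
    }
    // Shrink so the longest side fits $maxSide; never enlarge.
    $scale = min(1.0, $maxSide / max($w, $h));
    $nw = max(1, (int) round($w * $scale));
    $nh = max(1, (int) round($h * $scale));
    $out = imagecreatetruecolor($nw, $nh);
    imagefill($out, 0, 0, imagecolorallocate($out, 255, 255, 255)); // flatten alpha
    imagecopyresampled($out, $in, 0, 0, 0, 0, $nw, $nh, imagesx($in), imagesy($in));
    // Only the resampled pixels are written: EXIF and stray bytes are not copied.
    return imagejpeg($out, $dst, 85);
}

// Constructed sample: a small JPEG with marker bytes appended after the image.
$upload = tempnam(sys_get_temp_dir(), 'up');
$clean  = tempnam(sys_get_temp_dir(), 'ok');
imagejpeg(imagecreatetruecolor(64, 48), $upload);
file_put_contents($upload, 'CONSTRUCTED-TRAILING-MARKER', FILE_APPEND);
var_dump(reencode_upload($upload, $clean, 32));
var_dump(strpos(file_get_contents($clean), 'CONSTRUCTED-TRAILING-MARKER') === false);
```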