Possible Security Issue
I had something similar implemented in one of my projects but removed it
later because this may open up your webapp for (D)DoS attacks (which are fairly seldom).
Imagine somebody requesting these:
yoursite.com/thumbs/images/myimage.100x100.jpg
yoursite.com/thumbs/images/myimage.100x101.jpg
yoursite.com/thumbs/images/myimage.100x102.jpg
yoursite.com/thumbs/images/myimage.100x103.jpg
and so on...
Every time the image is parsed, loaded into memory (MEM), resized (CPU)
and stored (IO, DISKSPACE). A workaround is to define a set of fixed dimensions e.g.
'small' => array(50,50), 'large' => array(500,500) and allow only those to
be used.
- David Persson
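
The fixed-dimension workaround described in the comment above, as an added example that is not part of the original post. It assumes the URL carries a preset name where the width x height pair used to be; `THUMB_PRESETS` and `resolveThumbRequest()` are hypothetical names, and the allowed extensions are an assumption.

```php
<?php
// Added example: only named presets are accepted, so the number of distinct
// thumbnails that can ever be generated is bounded by images x presets.
const THUMB_PRESETS = [
    'small' => [50, 50],
    'large' => [500, 500],
];

/**
 * Map a request path such as /thumbs/images/myimage.small.jpg to
 * [source file, width, height]. Returns null when the request must be
 * rejected before any image is loaded, resized or written to disk.
 */
function resolveThumbRequest(string $path): ?array
{
    // The image name may not contain dots or slashes, so it cannot point
    // outside the image directory. The D modifier forbids a trailing newline.
    $re = '#^/thumbs/images/([A-Za-z0-9_-]{1,64})\.([A-Za-z0-9]{1,16})\.(jpg|png)$#D';
    if (!preg_match($re, $path, $m)) {
        return null;
    }
    [, $name, $preset, $ext] = $m;

    // Arbitrary sizes like "100x101" parse fine but are not in the allowlist.
    if (!array_key_exists($preset, THUMB_PRESETS)) {
        return null;
    }
    [$width, $height] = THUMB_PRESETS[$preset];

    return ["images/$name.$ext", $width, $height];
}

// Constructed sample requests, including the pattern from the comment.
$requests = [
    '/thumbs/images/myimage.small.jpg',
    '/thumbs/images/myimage.large.jpg',
    '/thumbs/images/myimage.100x100.jpg',
    '/thumbs/images/myimage.100x101.jpg',
    '/thumbs/images/../secret.small.jpg',
];
foreach ($requests as $request) {
    $result = resolveThumbRequest($request);
    $status = $result === null
        ? 'rejected (404, no work done)'
        : sprintf('resize %s to %dx%d', ...$result);
    printf("%-40s %s\n", $request, $status);
}
```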