  1. #1
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,761
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)

    Sanitizing Images with Imagemagick

    Has anyone used a Graphics Program to "sanitize" Images that are being uploaded to your website?

    In my researching how to allow Users to securely upload pictures to my website, it has been said by a few that you should convert the Original Images to an intermediary format (e.g. BMP) and then convert the stripped version back to a Standard Format (e.g. JPEG).

    This sounds complicated, scary, and possibly expensive?!

    Any ideas?

    Thanks,


    Debbie

  2. #2
    Community Advisor silver trophy

    Join Date
    Nov 2006
    Location
    UK
    Posts
    2,547
    Mentioned
    40 Post(s)
    Tagged
    1 Thread(s)
    You don't need to use ImageMagick; image reprocessing within PHP using GD will strip EXIF, and if you do a resize, this should juggle the pixel data to sufficiently disrupt any malicious executable code that an attacker might try and insert. If you have to go to these lengths though, you're missing other necessary precautions for user uploaded files.

  3. #3
    SitePoint Wizard DoubleDee's Avatar
    Originally Posted by EastCoast:
    "You don't need to use ImageMagick; image reprocessing within PHP using GD will strip EXIF, and if you do a resize, this should juggle the pixel data to sufficiently disrupt any malicious executable code that an attacker might try and insert."

    What is the difference between GD and ImageMagick?

    And where would I begin with either?

    Are they free or pay software?

    Are they hard to use?


    "If you have to go to these lengths though you're missing other necessary precautions for user uploaded files."
    What things do you feel that I am missing?


    Debbie

  4. #4
    Community Advisor silver trophy

    GD is a PHP module which is generally installed by default. ImageMagick is a standalone set of applications that are often connected to PHP (but not on all hosting). Both are entirely free.

    You can read more about the gd functions here:

    http://php.net/manual/en/book.image.php

    They are very easy to use.

    With regards to what you are missing, this is probably better addressed in your other thread regarding image upload security.
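
The GD re-encode discussed in posts #2 and #4, as an added example that is not part of the original thread and not code from either poster. It assumes the GD extension is loaded; the function name, size limits, JPEG quality and the marker string in the demo are illustrative assumptions.

```php
<?php
// Added example, not from the thread. Requires the GD extension.
// Function name, limits and JPEG quality are illustrative assumptions.
function reencodeUploadedImage(string $srcPath, string $dstPath, int $maxDim = 1024): bool
{
    // Header check only: rejects files that are not images at all.
    $info = @getimagesize($srcPath);
    if ($info === false) {
        return false;
    }
    [$w, $h, $type] = $info;
    // Allow-list formats and cap pixel count before the full decode.
    $allowed = [IMAGETYPE_JPEG, IMAGETYPE_PNG, IMAGETYPE_GIF];
    if (!in_array($type, $allowed, true) || $w < 1 || $h < 1 || $w * $h > 25000000) {
        return false;
    }
    // Full decode: fails on data GD cannot actually render.
    $data = file_get_contents($srcPath);
    $src = ($data === false) ? false : @imagecreatefromstring($data);
    if ($src === false) {
        return false;
    }
    // Downscale to at most $maxDim per side (never upscale).
    $scale = min(1.0, $maxDim / max($w, $h));
    $nw = max(1, (int) round($w * $scale));
    $nh = max(1, (int) round($h * $scale));
    $dst = imagecreatetruecolor($nw, $nh);
    // Flatten onto white because JPEG has no alpha channel.
    imagefill($dst, 0, 0, imagecolorallocate($dst, 255, 255, 255));
    imagecopyresampled($dst, $src, 0, 0, 0, 0, $nw, $nh, $w, $h);
    // Only decoded pixels reach the new file; EXIF, comment segments and
    // bytes appended after the image data are not carried over.
    return imagejpeg($dst, $dstPath, 85);
}

// Constructed input: a 64x48 PNG with marker bytes appended after its data.
$in  = tempnam(sys_get_temp_dir(), 'in');
$out = tempnam(sys_get_temp_dir(), 'out');
imagepng(imagecreatetruecolor(64, 48), $in);
file_put_contents($in, 'CONSTRUCTED-TRAILING-MARKER', FILE_APPEND);

$ok = reencodeUploadedImage($in, $out);
$markerKept = $ok && strpos(file_get_contents($out), 'CONSTRUCTED-TRAILING-MARKER') !== false;
echo 're-encoded: ', var_export($ok, true), ', marker present in output: ',
    var_export($markerKept, true), PHP_EOL;
unlink($in);
unlink($out);
```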

