Improve security of image filenames

Question

Improve security of image filenames

ausi opened this issue 3 years ago · 4 comments

The paths for resized versions of private images should not be guessable for security reasons.

See contao/contao@9c517c7 (#3848)

Answer 1 · 2022-01-19T14:59:59.000Z

Idea for better backwards compatibility:

Still calculate the old hash, and if the resized image already exists with the old name, return it. But if it does not exist, create a new image with the new hash algorithm instead.

Answer 2 · 2022-01-19T15:19:07.000Z

Do we need backwards compatibility? We could also ask the users to rebuild their cache.

Answer 3 · 2022-01-19T18:05:21.000Z

We could also ask the users to rebuild their cache.

This can be a very huge number of images that have to be regenerated. If the backwards compatibililty can be achieved without too much effort I would favor it.

Answer 4 · 2022-03-20T08:55:18.000Z

Closed in favor of #90