boost on this thread -- i totally agree / would love to hear from the community about this!
Solutions and ideas for insecure images
I got your points. Actually that can be general issue for universe of
camoor imageproxy. This is quite interesting issue which should be checked before whoever decides to take camo's advatage. Do you have any information or ideas from a camo community?
In case of Discourse, they really save an image and serve with
upload/somewhat_hashed_string.jpg. This is really a matter.
Thank you for comments.
This way there's no concern for resource usage by others. Plus, its a good exercise for those who haven't done this yet.
This, I agree.
yes but what I'm getting at is that it wouldn't be difficult for each admin to set up their own camo instance.
But, this I don't. It's not so clear to me, and I know a lot of forum/website owners who doesn't. Of course, NodeBB can be different because it's not a php and is being at more technical edge. But still I don't believe that most of NodeBB owners or candidates are so used to be or like to be trained in practice.
But, yes, I agree that it's better to have one's own, definitely!!
@ThingBreaker Also we have to think carefully @julian 's point about copy right and rehosting before use
camoor other image proxy.
camoas opt-in would be fine (as it shifts responsibility away from NodeBB and onto the forum administrator themselves)... never tried it out though,
hmm. didn't notice this topic had split.
copying this here with context so it doesn't get lost.
i think ultimately the best solution for most forums is to have a whitelist of image hosts to use that support https, inline images via
//domain.example.com/pathand just leave all other images as links.
it's not the prettiest nor the best user experience, but i think it strikes a nice balance between ease of implementation, ease of use, and ease of understanding for non technical people.
nodebb-plugin-camo was made by me and @lenovouser. I asked him to make a guide, but it's not that complicated. I set it up in just a few minutes following the instructions on the camo github page (docker or heroku are there). Also, I updated it to v1.0.0 just now.
I found a interesting site which already serve image proxy and more.
Their service seems to be public and free even though they have no clear writings on it. Actually noting for policies, rules, goals but just how to use is there.
But anyway, one can ask them to use.
If they are just free and public then it will be really useful.
If NodeBB would finally support uploads to 3rd party machines people could setup their own CDN's as well.
Best would be if the uploader would feature FTP support as most CDN services are featuring it and it is fairly easy to configure a FTP service on your own servers as well.
Already I mostly accepted @julian 's points but also after 123 views of this topic,
It simply seems that no demands of the half public server. ( Good to me )
And I acknowledge that @ThingBreaker may be right, I underestimated NodeBB users