Solutions and ideas for insecure images
-
I got your points. Actually that can be a general issue for the universe of camo or imageproxy. This is quite an interesting issue which should be checked before whoever decides to take camo's advantage. Do you have any information or ideas from a camo community?
In case of Discourse, they really save an image and serve with upload/somewhat_hashed_string.jpg. This is really a matter.
Thank you for comments.
-
@ThingBreaker said:
This way there's no concern for resource usage by others. Plus, it's a good exercise for those who haven't done this yet.
This, I agree.
yes but what I'm getting at is that it wouldn't be difficult for each admin to set up their own camo instance.
But, this I don't. It's not so clear to me, and I know a lot of forum/website owners who don't. Of course, NodeBB can be different because it's not a php and is being at more technical edge. But still I don't believe that most of NodeBB owners or candidates are so used to be or like to be trained in practice.
But, yes, I agree that it's better to have one's own, definitely!!
-
hmm. didn't notice this topic had split.
copying this here with context so it doesn't get lost.
@accalia said in Connection Not Secure:
i think ultimately the best solution for most forums is to have a whitelist of image hosts to use that support https, inline images via //domain.example.com/path and just leave all other images as links.
it's not the prettiest nor the best user experience, but i think it strikes a nice balance between ease of implementation, ease of use, and ease of understanding for non technical people.
-
nodebb-plugin-camo was made by me and @lenovouser. I asked him to make a guide, but it's not that complicated. I set it up in just a few minutes following the instructions on the camo github page (docker or heroku are there). Also, I updated it to v1.0.0 just now.
-
I found an interesting site which already serves image proxy and more.
Their service seems to be public and free even though they have no clear writings on it. Actually nothing for policies, rules, goals but just how to use is there.
But anyway, one can ask them to use.
If they are just free and public then it will be really useful.
-
If NodeBB would finally support uploads to 3rd party machines people could set up their own CDNs as well.
Best would be if the uploader would feature FTP support as most CDN services are featuring it and it is fairly easy to configure an FTP service on your own servers as well.
-
@lenovouser and I have released nodebb-plugin-camo with an internal Camo server, which should make setup much easier, and solves many of the issues here. (Although not all)