Users' avatars shouldn't be fetched from third-party URLs #68

Open
opened 2025-06-18 03:43:35 +02:00 by jocadbz · 4 comments
Collaborator

In our current implementation, we fetch users' avatars by setting a direct URL for the image.
You should already know, but that's a really bad practice, and a security risk in itself.

Let's uhhh, fix that.

jocadbz added the Bad Style, ToDo, and Priority: High labels 2025-06-18 03:43:35 +02:00
jocadbz self-assigned this 2025-06-18 03:43:35 +02:00
Poster
Collaborator

As suggested by @BodgeMaster :

  • give the files a unique ID
  • add a table for file id, original file name, file hash, hash algorithm (can be used for attachments in the future)
  • store file on disk with perms 400 in a directory with perms 700, filename is the id+extension
  • directory is configurable
  • user profile has the id
  • <img src="/file_endpoint?id=1337" alt="Username&apos;s Avatar">

I do think that storing pfps as blobs on the database itself is also a viable option.

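The storage scheme proposed in the comment above, sketched in Go as an added example; it is not ThreadR's code and not the fix referenced later in this thread. `FileRecord`, `StoreFile`, `allowedTypes`, the choice of SHA-256, and deriving the extension from the sniffed content rather than the uploaded name are assumptions.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
	"net/http"
	"os"
	"path/filepath"
)

// FileRecord mirrors the proposed table row; the field names are assumptions.
type FileRecord struct {
	ID            int64
	OriginalName  string // metadata only, never used to build a path
	Hash          string
	HashAlgorithm string
	StoredName    string // id + extension
}

var allowedTypes = map[string]string{ // extension is taken from sniffed content (assumption)
	"image/png": ".png", "image/jpeg": ".jpg", "image/gif": ".gif", "image/webp": ".webp",
}

// StoreFile writes data to dir/<id><ext>: file mode 0400, directory mode 0700.
func StoreFile(dir string, id int64, originalName string, data []byte) (FileRecord, error) {
	ext, ok := allowedTypes[http.DetectContentType(data)]
	if !ok {
		return FileRecord{}, fmt.Errorf("file %d: not an allowed image type", id)
	}
	// Chmod after MkdirAll so a pre-existing, looser directory is tightened too.
	if err := errors.Join(os.MkdirAll(dir, 0o700), os.Chmod(dir, 0o700)); err != nil {
		return FileRecord{}, err
	}
	name := fmt.Sprintf("%d%s", id, ext) // O_EXCL below refuses to overwrite an existing id
	f, err := os.OpenFile(filepath.Join(dir, name), os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o400)
	if err != nil {
		return FileRecord{}, err
	}
	_, err = f.Write(data)
	if err = errors.Join(err, f.Close()); err != nil {
		return FileRecord{}, err
	}
	return FileRecord{id, originalName, fmt.Sprintf("%x", sha256.Sum256(data)), "sha256", name}, nil
}

func main() { // constructed input: a bare PNG signature stored under id 1337
	dir, _ := os.MkdirTemp("", "filestore")
	fmt.Println(StoreFile(filepath.Join(dir, "files"), 1337, "me.png", []byte("\x89PNG\r\n\x1a\n")))
}
```

The file endpoint would then look up the record by id and serve `StoredName` from the configured directory, so no user-supplied string ever reaches the filesystem path.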

re: storing files in a database: That would work for pfps because they’re relatively small but I was thinking a few steps ahead.
Generally, databases are not that great for file storage. ThreadR will need infra for file storage one way or the other to support attachments, so that system might as well serve as a backbone for pfps.

Poster
Collaborator

I see. Makes sense.

Poster
Collaborator

Fixed on 7b0528ef36.
Still a very rough implementation, but should work.
