homepage Welcome to WebmasterWorld Guest from 54.227.34.0
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / WebmasterWorld / Community Building and User Generated Content
Forum Library, Charter, Moderators: rogerd

Community Building and User Generated Content Forum

    
Is there a reason NOT to allow people to upload their own avatars?
On your forum?
anon123

5+ Year Member



 
Msg#: 4053426 posted 10:28 pm on Jan 3, 2010 (gmt 0)

I've always had it turned off and had people link to an image for there avatar.

I was thinking allowing people to do this.

Is webspace the only issue? If so, I have a lot of space and can turn it on.

But could there be security or any other issues?

 

Robino

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4053426 posted 11:15 pm on Jan 3, 2010 (gmt 0)

Go for it.

Are you using vB, SMF or something comparable? If so, you've got a bunch of avatar options.

encyclo

WebmasterWorld Senior Member encyclo us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4053426 posted 11:20 pm on Jan 3, 2010 (gmt 0)

Security - image files can contain something other than an image, and hackers can attempt to (ab)use an upload script to upload code which can be run by the server, thus gaining access (there is a recent vulnerability in IIS [webmasterworld.com] that demonstrates this). Make sure you are checking the contents of the file and that it will not be executable.

rogerd

WebmasterWorld Administrator rogerd us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4053426 posted 12:10 am on Jan 4, 2010 (gmt 0)

One advantage of uploaded avatars is that you have more control over what displays. If the avatar is hosted remotely in a place controlled by the user, it's easy to change an acceptable image to something problematic.

A more complex alternative would be to allow uploading to another location you control and linking from the forum to those images. This keeps your prime location secure and also lets you offload some bandwidth if that's an issue.

Rosalind

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4053426 posted 9:36 pm on Jan 4, 2010 (gmt 0)

Copyright and obscenity issues are two reasons you may not want people to upload their own.

Asia_Expat

5+ Year Member



 
Msg#: 4053426 posted 3:26 pm on Jan 6, 2010 (gmt 0)

I have avatars invisible to guest traffic. I also have them set to be uploaded to my server only. There are a few reasons for this, but it's mainly to prevent the kind of attacks that can be triggered from hotlinked images (damned if you do, damned if you don't) and another key issue is that offsite avatars can slow down your pages.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Community Building and User Generated Content
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved