
Community Building and User Generated Content Forum

    
Should I enable forum avatars & forum signatures?
What are the security risks?
sunandoghosh

5+ Year Member



 
Msg#: 339 posted 10:26 am on Feb 12, 2005 (gmt 0)

Hi,

I have started a new forum. I am planning to allow users to post avatars (images) to their profiles from their computers, as well as upload images for signatures.

1) What are the security risks involved?

2) Should I not allow images to be uploaded? Rather, ask them to send images to me by email, which, if I approve, will then be uploaded by me?

Regards,
Sunando

 

webboy1

10+ Year Member



 
Msg#: 339 posted 9:29 pm on Feb 13, 2005 (gmt 0)

I guess the main risk you run is controlling what images people upload to the server. I don't believe it is possible to automatically "Screen" images that are uploaded.

I guess you could record all uploads in a Database somehow, which controls whether they are shown online or not.

You could then build yourself a little admin area to allow or disallow newly uploaded images depending on whether or not you approve.

This is really just the same as your second option, but it would take a bit of the manual work out of it for you. All you would have to do is add a column in the Database (depending how your images are uploaded). The column could have a "1" if the image is OK to show and a "0" if it's not allowed.

Hope this is a little helpful!

rogerd

WebmasterWorld Administrator rogerd is a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 339 posted 3:27 am on Feb 14, 2005 (gmt 0)

Premoderating images is essential, and they must be located on your server to avoid image switching later.

Some forum software will queue images for approval. If your volume is low, the email solution could work. Be sure to specify the maximum pixels and other format details, and be sure you are running good virus protection if you will be getting lots of attachments from strangers.

Personally, I find sigs kind of annoying, but then WebmasterWorld members are sort of self-selected. If your software enables displaying sigs only the first time they are used on each page, enable that feature. The only thing worse than a sig is a sig repeated ten times on a page. Imagine a post that says, "Yeah, I agree" followed by a sig consisting of a name, a witty slogan, a few links to the author's websites, maybe a blinking graphic...

GaryK

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 339 posted 3:46 am on Feb 14, 2005 (gmt 0)

A method I've found success with is programming my software so that your signature is only displayed if your message is longer than your signature. This has had a two-fold effect. Some people are writing longer, more meaningful messages and at the same time other people are using much shorter signatures.

Regarding photographs, the nature of my site is such that most photos cannot be pre-moderated. But since avatars and a personal photograph can be in png, gif, jpg or bmp format, what I've done is define a db column that holds the image's extension. Until it gets approved the extension has an "x" appended to it which restricts its visibility until a moderator can review it.

In terms of security, make sure to use a package that lets you limit the size of the upload. I also use a piece of code that uses several Windows APIs to check the image's width, height, pixel depth, and format. For jpg files I also do a virus scan.

This may be too much for some folks but as a software developer I find it easy to incorporate these features into my message board software and I haven't had a "bad" upload since the site went online back in 1998.
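Added example, not part of the original thread and not GaryK's code (which uses Windows APIs): a standard-library Python version of the checks described in the post above. It enforces an upload size limit, reads the format, width and height from the file's own header rather than its name, and stores the extension with an "x" appended until a moderator approves it. The limits and all function names are assumptions.

```python
import struct

MAX_BYTES, MAX_SIDE = 100 * 1024, 150   # assumed limits: upload bytes, width/height in px

def _jpeg_size(data):
    """Walk JPEG segments until a start-of-frame marker yields (width, height)."""
    i = 2
    while i + 9 <= len(data):
        if data[i] != 0xFF:
            return None
        marker = data[i + 1]
        if marker == 0xFF:                              # fill byte
            i += 1
        elif marker == 0x01 or 0xD0 <= marker <= 0xD9:  # markers without a length
            i += 2
        elif 0xC0 <= marker <= 0xCF and marker not in (0xC4, 0xC8, 0xCC):
            h, w = struct.unpack(">HH", data[i + 5:i + 9])
            return w, h
        else:
            i += 2 + struct.unpack(">H", data[i + 2:i + 4])[0]
    return None

def sniff(data):
    """Return (ext, width, height) from the file's own header bytes, or None."""
    if data[:8] == b"\x89PNG\r\n\x1a\n" and data[12:16] == b"IHDR" and len(data) >= 24:
        return ("png",) + struct.unpack(">II", data[16:24])
    if data[:6] in (b"GIF87a", b"GIF89a") and len(data) >= 10:
        return ("gif",) + struct.unpack("<HH", data[6:10])
    if data[:2] == b"BM" and len(data) >= 26:           # assumes BITMAPINFOHEADER layout
        w, h = struct.unpack("<ii", data[18:26])
        return "bmp", w, abs(h)                         # negative height = top-down rows
    if data[:3] == b"\xff\xd8\xff":
        size = _jpeg_size(data)
        return ("jpg",) + size if size else None
    return None

def accept_upload(data):
    """Validate an upload; return the extension to store, with 'x' appended (pending)."""
    if len(data) > MAX_BYTES:
        raise ValueError("file too large")
    info = sniff(data)
    if info is None:
        raise ValueError("not a png, gif, jpg or bmp image")
    ext, w, h = info
    if not (0 < w <= MAX_SIDE and 0 < h <= MAX_SIDE):
        raise ValueError("dimensions out of range")
    return ext + "x"

def approve(stored_ext):
    return stored_ext[:-1] if stored_ext.endswith("x") else stored_ext  # moderator approval
```

Header checks establish only the format and dimensions; they do not replace the moderator review or the virus scan mentioned in the thread.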

sunandoghosh

5+ Year Member



 
Msg#: 339 posted 7:27 pm on Feb 14, 2005 (gmt 0)

Hi,

Thanks to all of you.

Can scripts be run from the signature field / image upload?

Sunando
