Affichage des articles dont le libellé est Re: make avatar folder public. Afficher tous les articles
Affichage des articles dont le libellé est Re: make avatar folder public. Afficher tous les articles

Re: make avatar folder public

mercredi 4 mars 2015

It depends...



Just for download the files, there is no real risk. But it *is* possible (although SMF has protection mechanisms for that) for a user to upload a malicious code disguised as an avatar (as Kindred said) and *that* is a real risk. There is ...



Re: make avatar folder public
Publié par cde693 à 07:22 0 commentaires
Libellés : ,

Re: make avatar folder public


Quote from: margarett on Today at 06:23:36 AM


User uploaded avatars are treated by SMF as attachments and are put inside "attachments" folder with a hashed name. These you can't really download easily. It *is* possibl...








Re: make avatar folder public
Publié par cde693 à 05:20 0 commentaires
Libellés : ,

Re: make avatar folder public

If one knows the file name of the avatar, then it's always possible to dowload it.

Eg, the standard avatars that SMF ships with (note that these are links to MY localhost):

http://localhost/smf2/avatars/Actors/Brad_Pitt.jpg --> this shows the image, al...



Re: make avatar folder public
Publié par cde693 à 03:28 0 commentaires
Libellés : ,

Re: make avatar folder public

lundi 2 mars 2015


Quote from: Kindred on Today at 07:29:46 AM


because information can be encoded into graphics (or supposed graphics) files. If you give them access to download the DIRECT file (rather than the system parsed detail) it ...








Re: make avatar folder public
Publié par cde693 à 06:27 0 commentaires
Libellés : ,

Re: make avatar folder public

Tell them to right click each avatar, and save image as...



Re: make avatar folder public
Publié par cde693 à 04:58 0 commentaires
Libellés : ,

Re: make avatar folder public


Quote from: Kindred on Today at 06:36:36 AM


If you just want another script to pull the avatar image file, then it's pretty simple. The information for each user, including avatar filename, can be pulled using SSI and...








Re: make avatar folder public
Publié par cde693 à 03:52 0 commentaires
Libellés : ,

Re: make avatar folder public

If you just want another script to pull the avatar image file, then it's pretty simple. The information for each user, including avatar filename, can be pulled using SSI and the user_info array



Re: make avatar folder public
Publié par cde693 à 03:52 0 commentaires
Libellés : ,

Re: make avatar folder public


Quote from: Chas Large on Today at 06:00:31 AM


Or are you suggesting giving someone direct access to the avatar directory on your host platform? is which case, no, that's not a good idea.






Correct I'd like to ...



Re: make avatar folder public
Publié par cde693 à 03:52 0 commentaires
Libellés : ,
Inscription à : Articles (Atom)
 

Lorem

Ipsum

Dolor