开发者

HTTPS and Images

开发者 https://www.devze.com 2023-03-20 07:08 出处:网络
Besides transporting captcha imgs & copy-righted imgs, is there any other reason why one would want to 开发者_Go百科move large streams of bytes via SSL rather than regular HTTP?Preventing browsers

Besides transporting captcha imgs & copy-righted imgs, is there any other reason why one would want to 开发者_Go百科move large streams of bytes via SSL rather than regular HTTP?


Preventing browsers from displaying a message along the lines of: "This page is secure, but some content on this page is not. Do you want to show this content?"


Besides the mixed-content warnings (already mentioned by @Dark Falcon), which you should avoid, some JPEG images can contain executable code.

"Executing" JPEG images is quite unlikely, but it depends on the client. If the client is a PHP script itself for example, code could be injected in the JPEG metadata (this vulnerability also reflects something that shouldn't have been programmed like this on the PHP side too).

For this reason, you may want to make sure the image you get hasn't been altered and really comes from the source you intended. HTTPS helps with this, in that it provides data integrity. Whether you trust the source is another matter, but you'll know at least that it hasn't been tampered with during the transfer.


Preventing basic packet sniffers and related technologies from grabbing the image requests

0

精彩评论

暂无评论...
验证码 换一张
取 消