Slashdot Mirror

← Back to Stories (view on slashdot.org)

Are Hotlinked Images Now a Liability?

Posted by Cliff on Friday January 6, 2006 @11:11AM from the watch-out-for-evil-avatars dept.

ConcernedImage asks: "I work for a company that has a strong online community, with a full set of message boards that currently allow external image hotlinking. With the new WMF exploit out there, all it takes is one user to link to a bad image, and suddenly it's -our- web site inflicting the computers of others (at least, as far as our users are concerned). Is allowing hotlinked images a legal liability now? What steps are other online communities taking to protect themselves and their users against this?"

2 of 57 comments (clear)

Min score:

Reason:

Sort:

Hotlinked images always were a liability by bartjan · 2006-01-06 11:13 · Score: 4, Insightful

Hotlinks always were a liability, or at least have been from the moment the goatse domain was registered...
Y!PP did block inline images by Scarblac · 2006-01-06 11:29 · Score: 3, Interesting

The forums of Puzzle Pirates switched off all images when it became clear how bad this exploit is. They later turned back on avatars, since they're checked by the server (only accepts JPEGs and GIFs of a certain max size, and then stored server side, as far as I know).

The original announcement said they'd be back when Microsoft release their official patch, but I think PP is giving everybody time to patch first.

--
I believe posters are recognized by their sig. So I made one.