
I think it's pretty safe as long as no one without the permissions can find (or guess/extrapolate) that URL. The images are probably just hosted by a CDN and serving up the files with authentication might slow it down or complicate the setup.



Ah. But I'd expect that they'd limit it to only images, or do some sorta safety checking. I recognize the performance concerns, but it's too easy to add a malware redirect onto their trusted url.

It's images... seems like a very low risk situation, especially when they are served from a CDN.

Okay I've thought about it some more.

The size of the URL for the image resource is utterly huge. If that is truly random in its generation, there's no way anybody's ever going to guess it or enumerate it. It's all SSL, so you'd need a serious network breach for anybody to sniff it, and then you have bigger problems.

So yeah. Not that bothered upon further thought.


I'm assuming you secure the image URL with HTTPS at least to minimize the chances that an ISP could intercept it on the wire?

Why not just give every file a name that's a guid or a hash of the content? This works fine with any CDN and it's impossible to guess/fudge. You can only obtain a hash if you have the rights, and while you could share it with others it doesn't seem a bigger security problem than just sharing the picture directly instead of the link.

The only problem I see with such an approach is lack of expiration policy (other than re-loading the file under a different name every now and again).
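An added example (not part of the thread) of one way to get both an unguessable name and the expiration the comment above finds missing: a random object name plus an HMAC-signed query string that an edge or origin check rejects after a deadline. The key, the parameter names `expires` and `sig`, and the path are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed demo key (assumption); a real deployment loads it from a secret store.
SIGNING_KEY = b"demo-key-not-for-production"


def random_object_name(ext="jpg"):
    """Unguessable name: 128 bits from the OS CSPRNG, independent of the content."""
    return f"{secrets.token_urlsafe(16)}.{ext}"


def _mac(path, expires):
    # Bind the signature to both the path and the expiry so neither can be swapped.
    msg = f"{path}\n{expires}".encode()
    digest = hmac.new(SIGNING_KEY, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=")


def sign_url(path, ttl_seconds, now=None):
    """Return path?expires=...&sig=... that stays valid for ttl_seconds."""
    now = int(time.time()) if now is None else int(now)
    expires = now + ttl_seconds
    query = urlencode({"expires": expires, "sig": _mac(path, expires).decode()})
    return f"{path}?{query}"


def verify_url(url, now=None):
    """True only if the signature matches and the deadline has not passed."""
    now = int(time.time()) if now is None else int(now)
    parsed = urlparse(url)
    query = parse_qs(parsed.query)
    try:
        expires = int(query["expires"][0])
        sig = query["sig"][0].encode()
    except (KeyError, IndexError, ValueError):
        return False  # unsigned or malformed link
    # Constant-time comparison avoids leaking how many signature bytes matched.
    if not hmac.compare_digest(sig, _mac(parsed.path, expires)):
        return False
    return now <= expires
```

A leaked link then stops working at its deadline without re-uploading the file under a new name.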


Downloading untrusted images off of a site that you've never heard of before. What could possibly go wrong?

I fail to see any problems with hotlinking to random images hosted at a site that you don't control from a webpage that you're probably going to demo to your boss or client.

Interesting. I never thought of that. It seems almost silly that you're bringing insecure content over a secure channel like that but then again it is only images.

How is that any different from being able to save the photo as a file and upload it to a free image hosting site? From a security point of view?

Since it can be easily circumvented anyway, disallowing sharing static photo URLs would be the real "pseudo security", in my opinion.


I think what Cthulu_ says is to serve clean and nice pictures to people coming through your server, and instead serve heavily watermarked versions for hotlinked links.

I'm not sure how this can be arranged with a CDN, but it's probably relatively easy/there's a painless way.


Yes, the trusted party could always upload the image to imgur instead of copying and pasting the URL to an untrustworthy party. Imagine a URL that contains the entire image data and passing that around, for example.

It's not clear what you're trying to secure against. Are you worried about securing a particular image so that only certain designated users can see it? Are you worried about the original name "leaking"? Are you worried about someone iterating through all of your images?

In general, relying on a "secret" URL is not a good way to keep things secret. Google has a nasty habit of finding URLs you thought had no links. Definitely tune your robots.txt to keep the images off legit search engines.


Not at all, they now even give you a link to download the image. You can share this publicly. Or just right click and choose "Copy Image URL". I viewed source and it's a standard container div setup, nothing obfuscated about it. The image URLs are all right there.

Note that it's disabled if the image is loaded with an img tag, so allowing users to embed arbitrary URLs as images is safe. The issue is if you allow uploading of svg files to your own domain, someone can then have their own site redirect to the svg or load it in a frame, at which point it can run scripts from your origin.
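An added example (not part of the thread) of the defensive side of the SVG point in the comment above: classify an upload by its leading bytes rather than its file name, and attach a sandboxing Content-Security-Policy to SVG responses so that opening the file directly as a document cannot run script in the hosting origin. The function names and sample bytes are constructed for the illustration.

```python
# Leading-byte signatures for the raster formats this sketch accepts.
RASTER_MAGIC = (
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
)


def sniff_upload_type(data):
    """Return a MIME type derived from content, or None if it is not an accepted image."""
    for magic, mime in RASTER_MAGIC:
        if data.startswith(magic):
            return mime
    # SVG is XML text: look for the root element near the start of the file.
    if b"<svg" in data[:1024].lower():
        return "image/svg+xml"
    return None


def upload_response_headers(data):
    """Headers to serve a stored upload with; None means refuse the upload."""
    mime = sniff_upload_type(data)
    if mime is None:
        return None
    headers = {
        "Content-Type": mime,
        # Stop browsers from second-guessing the declared type.
        "X-Content-Type-Options": "nosniff",
    }
    if mime == "image/svg+xml":
        # Applies when the SVG is navigated to or framed as a document:
        # no script execution and an opaque origin instead of the site's own.
        headers["Content-Security-Policy"] = "default-src 'none'; sandbox"
    return headers
```

Serving uploads from a separate domain that holds no cookies or session state limits the damage further if a header is ever missed.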

Surely it would be cached based on the image URL though, not based on the page URL, and different images could use different URLs. I still don't see how this would pose a problem.

I also once contemplated making a browser extension, actually storing the url in metadata. I'm also not quite sure how this affects user privacy, as the image content might be far more telling than the origin. IMO this compromises the origin of the file...

If you needed such guarantees, I'd reckon you'd want to proxy through a domain name you control, anyways. I wouldn't trust the URL structure of a given image host to last decades, either. Or a given image host's hot-linking tolerance to stay the same.

Random thought; you could make use of this as "free" image CDN (probably against the TOS but useful nonetheless :))

They can, but once you have access to the image you can just copy it from the browser and email it to anyone... not much different from sharing a url. So it's not a huge security benefit, especially for the costs involved (as some of the other comments mentioned).