summaryrefslogtreecommitdiff
path: root/vendor/league/glide/docs/1.0/config/security.md
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/league/glide/docs/1.0/config/security.md')
-rw-r--r--vendor/league/glide/docs/1.0/config/security.md73
1 files changed, 0 insertions, 73 deletions
diff --git a/vendor/league/glide/docs/1.0/config/security.md b/vendor/league/glide/docs/1.0/config/security.md
deleted file mode 100644
index 6c4c47f405..0000000000
--- a/vendor/league/glide/docs/1.0/config/security.md
+++ /dev/null
@@ -1,73 +0,0 @@
----
-layout: default
-title: Security
----
-
-# Security
-
-Secure your Glide image server with HTTP signatures. By signing each request with a private key, no alterations can be made to the URL parameters.
-
-<p class="message-notice">It is highly recommended that you use signed URLs in production environments, otherwise your application will be open to mass image-resize attacks.</p>
-
-## Configuration
-
-Start by configuring the Glide server to validate each request before you ouput the image. In the event that the validation fails, Glide will throw an `SignatureException` exception.
-
-~~~ php
-<?php
-
-use League\Glide\Signatures\SignatureFactory;
-use League\Glide\Signatures\SignatureException;
-
-try {
- // Set complicated sign key
- $signkey = 'v-LK4WCdhcfcc%jt*VC2cj%nVpu+xQKvLUA%H86kRVk_4bgG8&CWM#k*b_7MUJpmTc=4GFmKFp7=K%67je-skxC5vz+r#xT?62tT?Aw%FtQ4Y3gvnwHTwqhxUh89wCa_';
-
- // Validate HTTP signature
- SignatureFactory::create($signkey)->validateRequest($path, $_GET);
-
-} catch (SignatureException $e) {
- // Handle error
-}
-~~~
-
-<p class="message-notice">We recommend using a 128 character (or larger) signing key to prevent trivial key attacks. Consider using a package like <a href="https://github.com/AndrewCarterUK/CryptoKey">CryptoKey</a> to generate a secure key.</p>
-
-## Generating secure URLs
-
-Next, generate a signature for each image request you make. Glide comes with a URL builder to make this process easy. Be sure to use the same signing key you configured earlier.
-
-~~~ php
-<?php
-
-use League\Glide\Urls\UrlBuilderFactory;
-
-// Set complicated sign key
-$signkey = 'v-LK4WCdhcfcc%jt*VC2cj%nVpu+xQKvLUA%H86kRVk_4bgG8&CWM#k*b_7MUJpmTc=4GFmKFp7=K%67je-skxC5vz+r#xT?62tT?Aw%FtQ4Y3gvnwHTwqhxUh89wCa_';
-
-// Create an instance of the URL builder
-$urlBuilder = UrlBuilderFactory::create('/img/', $signkey);
-
-// Generate a URL
-$url = $urlBuilder->getUrl('cat.jpg', ['w' => 500]);
-
-// Use the URL in your app
-echo '<img src="'.$url.'">';
-
-// Prints out
-<img src="/img/cat.jpg?w=500&s=af3dc18fc6bfb2afb521e587c348b904">
-~~~
-
-## Max image size
-
-In addition signing URLs, you can also limit how large images can be generated. The following setting will set the maximum allowed total image size, in pixels.
-
-~~~ php
-<?php
-
-$server = League\Glide\ServerFactory::create([
- 'max_image_size' => 2000*2000,
-]);
-~~~
-
-Notice that Glide doesn't actually restrict the width or height, but rather the total image size. In the above example it would be `4000000px`. This accomplishes the same thing, while offering more flexibility with your image sizes. \ No newline at end of file