Jump to content

Please consider removing image extension restrictions

tnguy

By tnguy
in Feedback and Support

Recommended Posts

tnguy Prolific Contributor

tnguy

Posted
Posted

Quite often, I'll be wanting to post up a picture from offsite and I'll run into this little fun message

 

You are not allowed to use that image extension on this community.

 

 

This will typically be for an image that does not end in a typical .png, .gif or .jpg extension, for example, https://www.govtrack.us/congress/votes/111-2009/s396/diagram which is a perfectly valid image.

 

Now, whilst this might seem to be a good idea to the uninitiated, the fact is that the extension makes no real difference on the web (well, there was a time when Microsoft screwed up but they've had that fixed for a decade now). The important part is the Content-type (mime-type) which this check makes no attempt to verify. This restriction does not improve web safety at all and only forces members to have to run pictures through some intermediate step to end up with an "allowed" extension if they don't already have one.

 

Now, I'm not throwing my pacifier out of the pram on this, so please don't get defensive, it's just a pain to have to jump through hoops for no benefit to anyone.

Link to comment
  • Replies 26
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Oh Shoot
Oh Shoot

Sigh. Guys, the topic is NOT   - type of image - size of image - storage of image on TGO - storage on offsite provider - your bandwidth - TGO bandwidth - the Super Bowl   The topic is about

mikegideon
mikegideon

It was my fault. I wasn't trying to piss off my dear friend, even though he's pretty adorable when his drawers get in a twist :)

Oh Shoot
Oh Shoot

Well, I see this topic brought the crowd to its feet ... and heading for the exits.   I find it quite irritating myself, especially when I do a search for just the right pic to post, whether as a jo

Oh Shoot Postus Maximus

Oh Shoot

Posted
Posted

Well, I see this topic brought the crowd to its feet ... and heading for the exits.

 

I find it quite irritating myself, especially when I do a search for just the right pic to post, whether as a joke or to illustrate some firearm feature or even a political point.

 

And I usually don't really notice the URL before I paste it in the dialogue to get the verboten notice.

 

Thing is, the same images work on all the other forums I frequent, who are mostly using vBulletin, and used to work here when David ran that board software. Maybe it's some kind of security feature in IP Board but can't imagine what nasty thing it could prevent, seems like more of a bug to me?

 

- OS

  • Like 1
Link to comment
mikegideon Postus Maximus

mikegideon

Posted
Posted

I too would love to see this changed if at all possible. Using photobucket is a slow, cumbersome process that I would love to avoid.

 

The change wouldn't totally eliminate image hosting. If it's a pic from your hard drive, it would still have to be hosted somewhere. I agree with opening up the links if there's no risk. I also understand why David doesn't want to store a gazillion JPEGS on the TGO server.

Link to comment
Oh Shoot Postus Maximus

Oh Shoot

Posted
Posted

The change wouldn't totally eliminate image hosting. If it's a pic from your hard drive, it would still have to be hosted somewhere. I agree with opening up the links if there's no risk. I also understand why David doesn't want to store a gazillion JPEGS on the TGO server.

 

Those points aren't even topic of discussion, Mikey. Till now, I guess. ;)

 

- OS

Link to comment
  • Admin Team
MacGyver Postus Maximus

MacGyver

Posted
  • Admin Team
Posted

I can't imagine how our database would grow if we started allowing people to post pictures at will.  Discount the potential security issues (known and unknown) with allowing users to upload files entirely.  Subtract potential legal issues with hosting images we don't own, and it's still not something we're really going to be interested in doing.  It simply boils down to performance issues. We already spend a ton of time balancing performance with database size.  One poorly resized picture could literally consume the database space of thousands of threads with pictures linked from external sources. 

 

I just don't see it happening.

Link to comment
tnguy Prolific Contributor

tnguy

Posted
  • Author
Posted (edited)

I can't imagine how our database would grow if we started allowing people to post pictures at will.  Discount the potential security issues (known and unknown) with allowing users to upload files entirely.  Subtract potential legal issues with hosting images we don't own, and it's still not something we're really going to be interested in doing.  It simply boils down to performance issues. We already spend a ton of time balancing performance with database size.  One poorly resized picture could literally consume the database space of thousands of threads with pictures linked from external sources. 

 

I just don't see it happening.

 

With the proviso that this is not what the topic of this thread is about, I will say that on other boards I'm on that do image hosting, it *typically* isn't an issue with regard to size or performance. Not that I'm pushing for hosting.

 

Now, there have been security issues. Bitcointalk was recently hacked and the vector was believed to have been a script disguised as an image. Note that it did have an extension that is accepted as an image type here so it doesn't have any bearing on the original topic. Extensions really don't have much meaning on the web (they're pretty much a Microsoft thing in the first place).

Edited by tnguy
Link to comment
  • Admin Team
MacGyver Postus Maximus

MacGyver

Posted
  • Admin Team
Posted

With the proviso that this is not what the topic of this thread is about, I will say that on other boards I'm on that do image hosting, it *typically* isn't an issue with regard to size or performance. Not that I'm pushing for hosting.

 

Now, there have been security issues. Bitcointalk was recently hacked and the vector was believed to have been a script disguised as an image. Note that it did have an extension that is accepted as an image type here so it doesn't have any bearing on the original topic. Extensions really don't have much meaning on the web (they're pretty much a Microsoft thing in the first place).

My comment was directed towards the users who commented that they'd like to be able to post pictures directly.

 

The forum software's basis is filtering is certainly a security issue.  There have been a host of hacks that have born out the concern.

 

But, as a practical matter, as consumers of this forum software - not developers, we're kind of limited in what we can do anyway.  The only files that are allowed are types that are whitelisted.  Remove that list, and the software won't allow you to link anything.  To look at your original image above, this has more to do with how some web servers are hosting image files and the fact that it's not listing an extension.  So, your image above is a valid .png file, but since the hosting server doesn't list an extension, IPB isn't going to allow it.  Maybe at some point they'll update to looking at mime-type, but it's not something that David or I can influence.

Link to comment
Jonnin Postus Maximus

Jonnin

Posted
Posted (edited)

Performance does not make sense.   Wavelet cpu burn (jpg, etc) is more of the performance issue than network speed for people these days, so if performance of a pic heavy thread is a concern, toss out the jpegs and use uncompressed RGB format would be faster lol.    I can easily download and open uncompressed large photos faster than compressed ones due to the high performance of network/ram/disk/etc compared to the delay of uncompression *then* handing the big array.  It basically cuts out a step (decompression).  A slow network, compression will still help quite a bit.

 

Security is an issue.  Some formats are more vulnerable to hackery than others.  A lot of this is the viewer program's vulnerabilities, not the image data.  A virus or buffer hack etc only work if the moronic client tries to *execute* the code found in a *picture*.  DUH.

 

Copyrights are the same no matter what format is used.  I don't get it?   More formats = more things to steal, I guess. 

 

All in all, I think images should be limited in pixel size (honestly about 300 square is plenty for a posted image, maybe 500 tops) to maximize performance and open to a few more commonplace formats (but not the 10 page long list of obscure formats). 

 

The big performance hit is link to external image, if the hosting site is slowish, and many are.   That is why the size limit I mentioned would be a good tweak, to limit trying to download a 5MB image that is then resized by the browser or TGO rules or whatever  to 400x400 or something after downloading it....  

Edited by Jonnin
Link to comment
Oh Shoot Postus Maximus

Oh Shoot

Posted
Posted (edited)

Sigh. Guys, the topic is NOT

 

- type of image

- size of image

- storage of image on TGO

- storage on offsite provider

- your bandwidth

- TGO bandwidth

- the Super Bowl

 

The topic is about the link to a picture that many pages use. The images are still JPEG, GIF, or PNG, but since the link does not name them as such, the PB Board software, or the settings within it, disallow them for embedding within a post, even though browsers parse them just fine:

 

Again, OP's example:

 

https://www.govtrack.us/congress/votes/111-2009/s396/diagram

 

(simple PNG image)

 

Here is another, picked at random:

 

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRP_S2LQ4fxylY50bDWgcDs5HvqLS-ne3XX3HDvLw8yiT3LZ4sILQ

 

(simple JPEG image)

 

Again, to clarify, these type URLs can not be put in a post, but of course display fine if you simply click on them.

 

- OS

Edited by Oh Shoot
  • Like 3
Link to comment
  • Admin Team
MacGyver Postus Maximus

MacGyver

Posted
  • Admin Team
Posted

Sigh. Guys, the topic is NOT

 

- type of image

- size of image

- storage of image on TGO

 

The topic is about the link to a picture that many pages use. The images are still JPEG, GIF, or PNG, but since the link does not name them as such, the PB Board software, or the settings within it, disallow them for embedding within a post, even though browsers parse them just fine:

 

Again, OP's example:

 

https://www.govtrack.us/congress/votes/111-2009/s396/diagram

 

(simple PNG image)

 

Here is another, picked at random:

 

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRP_S2LQ4fxylY50bDWgcDs5HvqLS-ne3XX3HDvLw8yiT3LZ4sILQ

 

(simple JPEG image)

 

Again, to clarify, these type URLs can not be put in a post, but of course display fine if you simply click on them.

 

- OS

 

That's just a limitation of the software as it stands. 

 

Maybe an update will come out at some point to address it, but it's not something we can influence or change on our end by somehow adjusting a setting.

Link to comment
Oh Shoot Postus Maximus

Oh Shoot

Posted
Posted

That's just a limitation of the software as it stands. 

 

Maybe an update will come out at some point to address it, but it's not something we can influence or change on our end by somehow adjusting a setting.

 

Hey, a real answer to the actual issue! ;) Thanks, really.

 

- OS

Link to comment
tnguy Prolific Contributor

tnguy

Posted
  • Author
Posted

My comment was directed towards the users who commented that they'd like to be able to post pictures directly.

 

The forum software's basis is filtering is certainly a security issue.  There have been a host of hacks that have born out the concern.

 

But, as a practical matter, as consumers of this forum software - not developers, we're kind of limited in what we can do anyway.  The only files that are allowed are types that are whitelisted.  Remove that list, and the software won't allow you to link anything.  To look at your original image above, this has more to do with how some web servers are hosting image files and the fact that it's not listing an extension.  So, your image above is a valid .png file, but since the hosting server doesn't list an extension, IPB isn't going to allow it.  Maybe at some point they'll update to looking at mime-type, but it's not something that David or I can influence.

 

Hmm. Interesting. I've seen it work on other forums using similar software but I can believe this specific software could be that way. One trick I have found works on a couple of images where the image link has ended in a / is just to make up a name to stick on the end. The web server at the other end ignores the image name and still sends out the image and the forum software allows the link since it has an allowable extension. This works less than 50% of the time however :(

 

If it can't be changed, there's not much more discussion to be had. Thanks for replying.

Link to comment
Guest
This topic is now closed to further replies.
Go to topic listing

TGO HELPFUL LINKS

Outside of TGO...

TRADING POST NOTICE

Before engaging in any transaction of goods or services on TGO, all parties involved must know and follow the local, state and Federal laws regarding those transactions.

TGO makes no claims, guarantees or assurances regarding any such transactions.

THE FINE PRINT

Tennessee Gun Owners (TNGunOwners.com) is the premier Community and Discussion Forum for gun owners, firearm enthusiasts, sportsmen and Second Amendment proponents in the state of Tennessee and surrounding region.

TNGunOwners.com (TGO) is a presentation of Enthusiast Productions. The TGO state flag logo and the TGO tri-hole "icon" logo are trademarks of Tennessee Gun Owners. The TGO logos and all content presented on this site may not be reproduced in any form without express written permission. The opinions expressed on TGO are those of their authors and do not necessarily reflect those of the site's owners or staff.

TNGunOwners.com (TGO) is not a lobbying organization and has no affiliation with any lobbying organizations.  Beware of scammers using the Tennessee Gun Owners name, purporting to be Pro-2A lobbying organizations!

×
×
  • Create New...

Important Information

By using this site, you agree to the following.
Terms of Use | Privacy Policy | Guidelines
 
We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.