Announcement

Collapse
No announcement yet.

Image attachment uploads

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Image attachment uploads

    I read in a separate thread that in some circumstances it was advisable to store attachment originals in the server files system rather than the database. Currently they are store in the database with my forum and I am considering using the option to export from the database. I have a few questions:

    1. Are the versions in the database the same size as uploaded or if they exceed the set size limits and resized are the resized versions stored or, indeed, are both stored?

    2. How are images named - is there a potential for name duplication in the file system store?

    3. Not directly related but is there any way to retain exif (camera settings) metadata in photos that have been uploaded?

    Thanks

  • #2
    It is recommended to store binary data in the file system and not the database. Storing large amounts of binary data in your database will negatively impact performance.

    1. They are resized to the maximum limit specified under Attachments -> Attachment Storage Types. In both scenarios.
    2. Attachments should be unique to the user. Filenames aren't really relevant to detecting duplicates. In the file system they are stored by /u/sr/e/r/i/d/fileid.attach
    3. vBulletin doesn't retain EXIF information in either scenario. This is a security risk and can compromise your server.
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud customization and demonstration site.
    vBulletin 5 Documentation - Updated every Friday. Report issues here.
    vBulletin 5 API - Full / Mobile
    I am not currently available for vB Messenger Chats.

    Comment


    • #3
      Thank you Wayne Luke - just to clarify if an image is resized, is the original discarded? And can you explain why EXIF information is a security risk?

      Comment


      • #4
        If an image is resized, the original is never actually saved.

        There are no standards for what is allowed in EXIF data. Each camera, phone, and software package has their own idea on what is best to store here. In addition to this, nefarious actors can insert Javascript, PHP, and other code into the EXIF data to spread malware and compromise servers as well as the hardware of end users.
        Translations provided by Google.

        Wayne Luke
        The Rabid Badger - a vBulletin Cloud customization and demonstration site.
        vBulletin 5 Documentation - Updated every Friday. Report issues here.
        vBulletin 5 API - Full / Mobile
        I am not currently available for vB Messenger Chats.

        Comment

        Related Topics

        Collapse

        Working...
        X