|
|
|
|
|
|
by porker
4262 days ago
|
|
|
> It never proved necessary to do more. You're definitely open to a DOS attack. Hard to mitigate too... An approach I've used before is to have a hash in the URL, and discard any requests where the width/height don't match the hash value. Not good if users are meant to be able to link at whatever size they want, but in our case we gave a shortcode to users which then generated the actual URL. |
|
|