[3.2][BETA] Image Redirect

A place for Extension Authors to post and receive feedback on Extensions still in development. No Extensions within this forum should be used within a live environment!
Scam Warning
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

IMPORTANT: Extensions Development rules

IMPORTANT FOR NEEDED EVENTS!!!
If you need an event for your extension please read this for the steps to follow to request the event(s)
v12mike
Registered User
Posts: 266
Joined: Thu Jul 09, 2015 5:03 pm

Re: [3.2][BETA] Image Redirect

Post by v12mike » Wed Oct 10, 2018 1:02 pm

For the sake of discussion and enlightenment, Amigo, can you tell us what harm a MITM attack can do on an image link in a typical phpBB forum context? Remember that the browser has been told to render the link content as an image.

Given the answer to that question, what action would you as a user take, if you were reading a phpBB forum over https but you get an insecure content warning for an image hosted on a http site?

User avatar
AmigoJack
Registered User
Posts: 5364
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン
Contact:

Re: [3.2][BETA] Image Redirect

Post by AmigoJack » Wed Oct 10, 2018 2:06 pm

v12mike wrote:
Wed Oct 10, 2018 1:02 pm
what harm a MITM attack can do on an image link in a typical phpBB forum context? Remember that the browser has been told to render the link content as an image
The picture's integrity. When it should display text in it, that could have been modified. When it should display persons, their faces could have been modified. Such things. Not security.

v12mike wrote:
Wed Oct 10, 2018 1:02 pm
what action would you as a user take, if you were reading a phpBB forum over https but you get an insecure content warning for an image hosted on a http site?
My level in believing what I see: if I know it comes thru HTTP I could less trust it than when it comes thru HTTPS.

At least that's how I would do it from the other side: manipulate pictures in HTTP streams when someone is proxifying them as HTTPS. A board owner with malicious intentions has even less work to do, as then always his modified pictures are served instead of the originals (of course: this case applies to many other scenarios, like attachments being modified etc.).
The worst thing about censorship is ███████████

Post Reply

Return to “Extensions in Development”

Who is online

Users browsing this forum: eindgebruiker, Ger, skybound and 17 guests