From febbcef777d481f357d0006021a18f273220905e Mon Sep 17 00:00:00 2001 From: antonfirsov Date: Wed, 10 Apr 2024 02:47:42 +0200 Subject: [PATCH] polishing --- articles/imagesharp/security.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/articles/imagesharp/security.md b/articles/imagesharp/security.md index 9e3d68df..36143dbb 100644 --- a/articles/imagesharp/security.md +++ b/articles/imagesharp/security.md @@ -1,8 +1,8 @@ # Security Considerations -Image processing is a memory-intensive application. Most image processing libraries (including ImageSharp and SkiaSharp) decode images into in-memory buffers. Any publicly facing service using such a library might be vulnerable to DoS attacks without implementing further measures. +Image processing is a memory-intensive application. Most image processing libraries (including ImageSharp, SkiaSharp and Magick.NET) decode images into in-memory buffers for further processing. Without additional measures, any publicly facing service that consumes images coming from untrusted sources might be vulnerable to DoS attacks attempting to deplate process memory. -For solutions using ImageSharp such measures can be: +Such measures can be: - Authentication, for example by using HMAC. See [Securing Processing Commands in ImageSharp.Web](../imagesharp.web/processingcommands.md#securing-processing-commands). - Offloading to separate services/containers. - Placing the solution behind a reverse proxy. @@ -12,7 +12,7 @@ For solutions using ImageSharp such measures can be: ```csharp Configuration.Default.MemoryAllocator = MemoryAllocator.Create(new MemoryAllocatorOptions() { - // Note that this limits the maximum image size to 64 megapixels. + // Note that this limits the maximum image size to 64 megapixels of Rgba32. // Any attempt to create a larger image will throw. AllocationLimitMegabytes = 256 });