Link to home
Create AccountLog in
Avatar of sayhi
sayhi

asked on

How to prevent PHP image generation from overloading server?

Hi all,

The script- http://www.alistapart.com/d/dynatext/heading.php.txt
( which comes from this article- http://www.alistapart.com/articles/dynatext/ )

This heading.php creates dynamic images on the fly and you can cache the images created too. I am using this option and I was thinking about this, and there is a security flaw. Anyone can pass any text they want and it will create a new image. Eventually, they could create thousands of images on the server and crash it.

What do you suggest to fix this problem?
Avatar of HackneyCab
HackneyCab
Flag of United Kingdom of Great Britain and Northern Ireland image

I can't think of a way other than requiring users to login before that feature is active.

If you try to limit requests by IP or machine, rogue botnets can abuse your site from hundreds of machines around the net per second, so that won't work.
Avatar of waygood
waygood

You could change the script so images aren't created for caching, only outputted on the fly.

Or you can add in some security features like session variables or referer checking.

You may also want to consider adding in a cleanup script, so if file qty reaches a limit then the older ones are deleted. Adding this into the script, before creating the new one, will mean that each time its run, it will self clean.
Avatar of sayhi

ASKER

See, I'm using this script so I don't have to go into photoshop and export brand new header titles for each page of the site if the client wants the font to change or color or whatever. With PHP, I just change some variables and plop in the text and viola! new header.

Currently images are generated using the follow code:
<img src="title.php?text=My%20Page%20Title"  />

What do you think about maybe hiding the way the image is generated? If someone  doesn't know how it gets made, they can't exploit it? Just thinking outloud...
Avatar of sayhi

ASKER

Hmm, or maybe I should just run the script to generate all the header graphics I need, then disable caching ?
Consider adding a "sleep()" statement to the script.  Nobody would mind waiting a second or two, and it will take the pressure off the server a little bit.  HTH, Ray
Avatar of sayhi

ASKER

okay, another idea, change the way the script is called

instead of <img src="title.php?text=My%20Page%20Title"  />

can someone help me re-arrange the code into a function and make it so it's called like:

echo "<img src=".createTitle('testing')." />";
ASKER CERTIFIED SOLUTION
Avatar of waygood
waygood

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of sayhi

ASKER

What do you mean? I thought a function like createTitle() would output the path to the image and not reference the php script?
Ah! I thought CreateTile would create the tile!!!!

You should have called it TileLocation()
LOL