Comparing Cloud-Based Image Services For Developers
Nerval's Lobster writes "As Web applications grow in number and capability, storing large amounts of images can quickly become a problem. If you're a Web developer and need to store your client images, do you just keep them on the same server hosting your Website? What if you have several gigabytes worth of images that need to be processed in some way? Today, many developers are looking for an easy but cost-effective solution whereby images can be stored in the cloud and even processed automatically, thus taking a huge load off one's own servers, freeing up resources to focus on building applications. With that in mind, developer and editor Jeff Cogswell looks at a couple different cloud-based services for image storage and processing. At first glance, these services seem similar—but they're actually very different. He examines Cloudinary and Blitline, and encourages developers to take a look at ImageResizer, an open-source package that does a lot of what proprietary services do (you just need to install the software on your own servers). 'If you're not a programmer but a web designer or blogger, Blitline won't be of much use for you,' he writes. 'If you are a developer, both Cloudinary and Blitline work well.' What do you think?"
Never host user images on your domain... (Score:4, Insightful)
If you care about security, you would never host user-provided images on your own domain.
Browsers ignore the file extension, and in many cases ignore the mime type when deciding how to process a URL. A malicious user could upload a dodgy swf file, but then rename it .jpg. Then the attacker gets the victim to load the malicious jpg from your domain. The swf can now read your domain's cookies (same origin policy) and then return them to the attacker.
That's why Google uses 'Googleusercontent.com'. Most big sites do it. If you care about your users, you would do it too...
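The upload check and response headers implied by the comment above, as an added example that is not part of the original comment or the article. The function names, the signature table and the sample bytes are constructed for illustration, and the headers are assumed to be sent from a separate user-content origin that carries no session cookies.

```python
import os

# Leading "magic" bytes for the image formats this example accepts.
IMAGE_MAGIC = {
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/gif": (b"GIF87a", b"GIF89a"),
}
SWF_MAGIC = (b"FWS", b"CWS", b"ZWS")  # uncompressed, zlib and LZMA Flash files
EXT_TO_MIME = {".jpg": "image/jpeg", ".jpeg": "image/jpeg",
               ".png": "image/png", ".gif": "image/gif"}

# Constructed sample: Flash header bytes, to be uploaded under a .jpg name.
SAMPLE_DISGUISED_SWF = b"CWS\x0a" + b"\x00" * 16


def sniff_type(data: bytes):
    """Return the MIME type implied by the leading bytes, or None."""
    if data.startswith(SWF_MAGIC):
        return "application/x-shockwave-flash"
    for mime, signatures in IMAGE_MAGIC.items():
        if data.startswith(signatures):
            return mime
    return None


def check_upload(filename: str, data: bytes):
    """Accept only when extension and content agree on an allowed image type."""
    claimed = EXT_TO_MIME.get(os.path.splitext(filename)[1].lower())
    if claimed is None:
        return False, "extension not allowed"
    actual = sniff_type(data)
    if actual != claimed:
        return False, f"content is {actual or 'unknown'}, not {claimed}"
    return True, claimed


def serving_headers(mime: str):
    """Headers for responses sent from the separate user-content origin."""
    return {
        "Content-Type": mime,                      # type verified at upload time
        "X-Content-Type-Options": "nosniff",       # browser must not re-guess it
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }
```

A signature check only catches the plain rename; a file that is valid as two formats at once can still pass it, which is why the separate origin stays the primary control.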