As part of the open source Android project, I have a very simple web server running on top of Amazon EC2. We are thinking of integrating the component taking a picture into the application. This data will be stored on the server and other clients will be excluded.
At this time, the application is anonymous - no login is required to post information. Do I have the possibility of continuously taking pictures down because this app is missing? Or can I trust the flag system to handle such a situation? I have not implemented anything like this, and I do not know what to expect.
I would like to hear from any person who has created such a service, and there are some ideas that are necessary to open this public service like this.
If you expose an expiry status of the Internet which allows images to be uploaded and shared Gives you without certification, you will probably participate in issues. In fact, even if you need certification, you probably will get problems.
I would definitely need some form of certification at the application level. If you do not really want the user to deal with it, you can generate GUID or anything to minimize the uploaded images, it is easy to defeat an attacker, but If you are considered a spam user, you must use something to delete a 'user' upload.
You can limit some rates, so that the user is not allowed to upload many images in a short time. You can also limit the number of views to an image.
Basically, sounds like a spammer / attacker. Can they use your service to upload images that can be used in spam campaigns? Can they use it to spam their users? If the answer is yes, then you need security for it.
Comments
Post a Comment