Page MenuHomePhabricator

RFC for blocking arbitrary thumbnail sizes over a certain size
Closed, DeclinedPublic

Description

Migrated from: https://wikimedia.mingle.thoughtworks.com/projects/multimedia/cards/538

Narrative

As a developer, I want to submit a less controversial RFC, so that the existing DoS vector for Image Scalers can be reduced

Acceptance Criteria

  • Update or fork https://www.mediawiki.org/wiki/Requests_for_comment/Standardized_thumbnails_sizes
  • Instead of stating that all arbitrary thumbnail sizes are to be prevented in favor of the buckets, propose that on wmf wikis arbitrary thumbnail sizes will still be supported under a certain size (for example, 600px) and above that, stick to a given set of buckets
  • Pick a single bucket list, based on Media Viewer's, instead of proposing multiple options in the RFC, like the existing one does
  • Stress that this is essential to the stability of the production thumbnailing system. Greatly reduces the chances of accidents or attacks bringing down the image scalers
  • Push that RFC all the way through the process. The simpler the proposal, the easier it should be.

Related Bugs

Related Stories

Related Changesets