Type to search...

Strict Security Hash option

URL Security

Insecure hosting is expensive

Image transformations can be expensive, depending on the image format, resolution and on the transformation type. For example bluring images consumes high amount of CPU usage and if someone use an unprotected image URL to force it bluring over and over again with different values (to prevent CDN cache), it can cause high expense. To prevent this case from being exploited, Shardimage offers Cloud security feature, which makes image hosting and transformation impossible without the generated secure hash. Also the used transformations are generated into the secure hash, so it’s not possible to change them.

Best practice

Right after creating a new cloud, a popup message will warn the user about the cloud is unrestricted, and the ‘Force secure URL’ feature should be turned on. This is the best moment to turn the cloud security on! After this, every uploaded image in the cloud can be only reached by URL with secure hash.

Using ‘Force secure URL’

You can turn on right after creating the cloud, or in the cloud feature menu.

alt

Generating the secure hash into the URL can be done with the official Shardimage SDK.

use shardimage\shardimagephp\auth\Client;
 
$client = new Client([       //we will use this configured $client for the further examples
    'apiKey' => <apiKey>,
    'apiSecret' => <apiSecret>,
    'imageSecret' => <imageSecret>,
    'cloudId' => <cloudId>,
]);
 
$params = [
    'cloudId' => 'cloudId';
    'publicId' => 'publicId';
];
$optParams = [
    'option' => null,          // options defined by shardimage\shardimagephp\factories\Option
    'transformation' => null,  // defined by shardimage\shardimagephp\factories\Transformation
    'security' => null,        // basic or token, with this turned on, secure hash will be generated into the image URL
];
$url = $client->getUrlService()->create($params, $optParams);

Security? Let’s make it double!

The second layer of image protection is an image URL option, the strictSecureHash option. With this turned on there is no way to host or transform an unprotected image. Make sure to generate the ‘strictSecureHash’ option into your image URL, it will block your image from hosting until you make the cloud secure.

SDK implementation

use shardimage\shardimagephp\factories\Option;
 
$params = [
    'cloudId' => 'cloudId';
    'publicId' => 'publicId';
];
$option = (new \shardimage\shardimagephp\factories\Option())
    ->strictSecureHash();
$optParams = [
    'option' => $option,       // options defined by shardimage\shardimagephp\factories\Option
    'transformation' => null,  // defined by shardimage\shardimagephp\factories\Transformation
    'security' => null,        // basic or token, with this turned on, secure hash will be generated into the image URL
];
$url = $client->getUrlService()->create($params, $optParams);
Table of contents