SexScripts : @doti: Are images stored on the server, encyrpted? - https://ss.deviatenow.com:443/viewtopic.php?f=4&t=1038 Page 1 of 1

@doti: Are images stored on the server, encyrpted?

SmokingIsSexy [ Fri May 14, 2021 6:13 am ]

sendImage() sends an unencrypted image to the server.
Everyone who knows, under which ID the image is stored on the server, can retrieve it.
A look at the source code of the script, that sent the image, usually makes it trivially easy to figure these IDs out.

This is a security issue for scripts like Mandys blackmail, as the idea of the script is, that photos and other pieces of information that are taken by the script, only get exposed, if the user does not obey Mandys instructions.
In reality anyone with some basic scripting knowledge can write a script to retrieve all data that has been collected by the script for all users, no matter if the Mandy has exposed them or not.

This can be solved by encrypting sensitive information that is passed to the send()-function, including the IDs of the photos, so that no one can retrieve the photos with receiveImage() without having the key to decrypt the retrieved IDs.

However the images themselves are still sent unencrypted.

Does the server encrypt them, before storing them in the database and only decrypt a picture, when a receiveImage()-call with a matching image ID requests it?

If this is not the case, then someone could potentially attack the servers database to grab the unencrypted pictures.

This could in theory be solved by script writer by not using sendImage(), but loading the images as byte arrays and then converting them to base64-encoded strings, which then could be encrypted and sent with the send()-function.
In practice however photos are typically much larger than the 10kb max size of values that are supplied to the send()-function, so one would have to split the encrypted images up into 10kb chunks and do multiple send()-calls per image. Obviously this would result in a massive amount of send() calls for just a couple of pictures and there would be no way to stay under the limit of 50.

The best approach to solve this would probably be to just let the server store all received images encrypted and only decrypt an image when sending it to a client, that supplies the correct image ID.

Alternatively raising the value-size limit of the send()-function to something big enough to make it possible to send encrypted images with it could also be a solution for some scripts.

Re: @doti: Are images stored on the server, encyrpted?

doti [ Tue May 18, 2021 1:50 pm ]

Yes, pictures are stored concealed on the server. The server random admins can not reach and get them freely nor easily.

(and data are sent using HTTPS by default)

Re: @doti: Are images stored on the server, encyrpted?

karl-971 [ Wed Sep 28, 2022 3:20 pm ]

doti wrote:
Yes, pictures are stored concealed on the server. The server random admins can not reach and get them freely nor easily.

(and data are sent using HTTPS by default)


Are the images still sent from Mandys to this or any server? If you have the time, PM me.

Re: @doti: Are images stored on the server, encyrpted?

doti [ Fri Sep 30, 2022 12:32 pm ]

There are multiple Mandy scripts. Technically, you can search inside scripts to find "sendImage()" calls, it'll make you know witch one are sending pictures.

The tag "exhibition" and "internet" are generally used to show the publication of pictures.

Re: @doti: Are images stored on the server, encyrpted?

karl-971 [ Sat Oct 01, 2022 4:31 pm ]

doti wrote:
There are multiple Mandy scripts. Technically, you can search inside scripts to find "sendImage()" calls, it'll make you know witch one are sending pictures.

The tag "exhibition" and "internet" are generally used to show the publication of pictures.


Show spoiler

Re: @doti: Are images stored on the server, encyrpted?

doti [ Tue Nov 15, 2022 10:55 am ]

It just says that it send a picture. All the picture are sent on the same web service and stored in a database there.

Re: @doti: Are images stored on the server, encyrpted?

karl-971 [ Tue Nov 15, 2022 1:47 pm ]

doti wrote:
It just says that it send a picture. All the picture are sent on the same web service and stored in a database there.


Alright, so for how long? If i want my information removed? So far no email has been sent out anyways :)

Re: @doti: Are images stored on the server, encyrpted?

doti [ Wed Nov 23, 2022 9:29 pm ]

As I can remember, a picture is reduced after 30 days without being read, and deleted 30 days after

Page 1 of 1 All times are UTC + 1 hour [ DST ]
https://ss.deviatenow.com:443/
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
Maroon Fusion theme created by Oxydo
Software, theme modifications, phpBB modification by Doti 2010, 2011