de en es fr
Let the machine help
Light teasing, exhibition, BDSM, sissyfication, watersports... with sounds and pictures


Post new topic Reply to topic  [ 8 posts ] 
Author Message
 @doti: Are images stored on the server, encyrpted?
PostPosted: Fri May 14, 2021 6:13 am 
Offline
Regular
sendImage() sends an unencrypted image to the server.
Everyone who knows, under which ID the image is stored on the server, can retrieve it.
A look at the source code of the script, that sent the image, usually makes it trivially easy to figure these IDs out.

This is a security issue for scripts like Mandys blackmail, as the idea of the script is, that photos and other pieces of information that are taken by the script, only get exposed, if the user does not obey Mandys instructions.
In reality anyone with some basic scripting knowledge can write a script to retrieve all data that has been collected by the script for all users, no matter if the Mandy has exposed them or not.

This can be solved by encrypting sensitive information that is passed to the send()-function, including the IDs of the photos, so that no one can retrieve the photos with receiveImage() without having the key to decrypt the retrieved IDs.

However the images themselves are still sent unencrypted.

Does the server encrypt them, before storing them in the database and only decrypt a picture, when a receiveImage()-call with a matching image ID requests it?

If this is not the case, then someone could potentially attack the servers database to grab the unencrypted pictures.

This could in theory be solved by script writer by not using sendImage(), but loading the images as byte arrays and then converting them to base64-encoded strings, which then could be encrypted and sent with the send()-function.
In practice however photos are typically much larger than the 10kb max size of values that are supplied to the send()-function, so one would have to split the encrypted images up into 10kb chunks and do multiple send()-calls per image. Obviously this would result in a massive amount of send() calls for just a couple of pictures and there would be no way to stay under the limit of 50.

The best approach to solve this would probably be to just let the server store all received images encrypted and only decrypt an image when sending it to a client, that supplies the correct image ID.

Alternatively raising the value-size limit of the send()-function to something big enough to make it possible to send encrypted images with it could also be a solution for some scripts.


Top
 Profile Send private message 
 
 Re: @doti: Are images stored on the server, encyrpted?
PostPosted: Tue May 18, 2021 1:50 pm 
Offline
Site Admin
User avatar
Yes, pictures are stored concealed on the server. The server random admins can not reach and get them freely nor easily.

(and data are sent using HTTPS by default)


Top
 Profile Send private message 
 
 Re: @doti: Are images stored on the server, encyrpted?
PostPosted: Wed Sep 28, 2022 3:20 pm 
Offline
Regular
doti wrote:
Yes, pictures are stored concealed on the server. The server random admins can not reach and get them freely nor easily.

(and data are sent using HTTPS by default)


Are the images still sent from Mandys to this or any server? If you have the time, PM me.


Top
 Profile Send private message 
 
 Re: @doti: Are images stored on the server, encyrpted?
PostPosted: Fri Sep 30, 2022 12:32 pm 
Offline
Site Admin
User avatar
There are multiple Mandy scripts. Technically, you can search inside scripts to find "sendImage()" calls, it'll make you know witch one are sending pictures.

The tag "exhibition" and "internet" are generally used to show the publication of pictures.


Top
 Profile Send private message 
 
 Re: @doti: Are images stored on the server, encyrpted?
PostPosted: Sat Oct 01, 2022 4:31 pm 
Offline
Regular
doti wrote:
There are multiple Mandy scripts. Technically, you can search inside scripts to find "sendImage()" calls, it'll make you know witch one are sending pictures.

The tag "exhibition" and "internet" are generally used to show the publication of pictures.


Show spoiler


Top
 Profile Send private message 
 
 Re: @doti: Are images stored on the server, encyrpted?
PostPosted: Tue Nov 15, 2022 10:55 am 
Offline
Site Admin
User avatar
It just says that it send a picture. All the picture are sent on the same web service and stored in a database there.


Top
 Profile Send private message 
 
 Re: @doti: Are images stored on the server, encyrpted?
PostPosted: Tue Nov 15, 2022 1:47 pm 
Offline
Regular
doti wrote:
It just says that it send a picture. All the picture are sent on the same web service and stored in a database there.


Alright, so for how long? If i want my information removed? So far no email has been sent out anyways :)


Top
 Profile Send private message 
 
 Re: @doti: Are images stored on the server, encyrpted?
PostPosted: Wed Nov 23, 2022 9:29 pm 
Offline
Site Admin
User avatar
As I can remember, a picture is reduced after 30 days without being read, and deleted 30 days after


Top
 Profile Send private message 
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 8 posts ] 

All times are UTC + 1 hour [ DST ]


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  


Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
Maroon Fusion theme created by Oxydo
Software, theme modifications, phpBB modification by Doti 2010 - 2020
This website uses session cookies only.