Wednesday, 15 February 2012

Are cross-domain favicons a security risk?


I have a site of user-submitted news articles, and as a convenience I had the idea of displaying the target site's favicon alongside the links.

The tool to grab the favicon will work by checking for the favicon.ico file on the target server. Will displaying that icon as an image open any holes? Can some kind of malicious favicon exist? Would converting the image server-side to a different file format eliminate the risk?

There was a vulnerability in the Windows JPEG parser a few years ago. It is possible that weaknesses in other formats will be found in the future, but I think you are quite safe displaying it, and if a threat is publicized, be careful about patches.

However, to protect the privacy of your users, you should cache the favicons on your server and have the users' browsers fetch them from there. On the other hand, some sites may feel that you have violated their intellectual property by displaying their favicon on your site. Again, I probably would not worry much about that, so long as they do not ask you to stop.
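One check a server could run on a fetched favicon.ico before caching it, as an added example that is not part of the original post: it rejects files whose ICO directory is malformed or points outside the file. The size and image-count limits, the function names and the sample bytes are assumptions constructed for the illustration.

```python
import struct

MAX_BYTES = 64 * 1024            # assumed size cap for a cached favicon
MAX_IMAGES = 16                  # assumed cap on images inside one .ico
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"

def check_ico(data):
    """Return [(width, height, format)] for a well-formed .ico, else raise ValueError."""
    if len(data) > MAX_BYTES:
        raise ValueError("file too large")
    if len(data) < 6:
        raise ValueError("truncated header")
    reserved, kind, count = struct.unpack_from("<HHH", data, 0)
    if reserved != 0 or kind != 1:           # kind 1 = icon, 2 = cursor
        raise ValueError("not an ICO file")
    if not 1 <= count <= MAX_IMAGES:
        raise ValueError("implausible image count")
    dir_end = 6 + 16 * count                 # 6-byte header + 16-byte entries
    if len(data) < dir_end:
        raise ValueError("truncated directory")
    images = []
    for i in range(count):
        w, h, _, _, _, _, size, offset = struct.unpack_from("<BBBBHHII", data, 6 + 16 * i)
        # Every image must lie wholly inside the file, after the directory.
        if size == 0 or offset < dir_end or offset + size > len(data):
            raise ValueError("image %d lies outside the file" % i)
        payload = data[offset:offset + size]
        if payload.startswith(PNG_MAGIC):
            fmt = "png"
        elif size >= 40 and struct.unpack_from("<I", payload)[0] == 40:
            fmt = "bmp"                      # starts with a 40-byte BITMAPINFOHEADER
        else:
            raise ValueError("image %d is neither PNG nor BMP" % i)
        images.append((w or 256, h or 256, fmt))   # a stored 0 means 256
    return images

def sample_ico(offset=22):
    """Constructed one-image icon: 16x16 entry with a zeroed 40-byte BMP header."""
    header = struct.pack("<HHH", 0, 1, 1)
    entry = struct.pack("<BBBBHHII", 16, 16, 0, 0, 1, 32, 40, offset)
    return header + entry + struct.pack("<I", 40) + bytes(36)

if __name__ == "__main__":
    print(check_ico(sample_ico()))
    for bad in (b"<html>404</html>", sample_ico(offset=4096)):
        try:
            check_ico(bad)
        except ValueError as err:
            print("rejected:", err)
```

Passing this check only means the ICO container is well formed; the embedded PNG or BMP data is still decoded by whatever displays or converts the image.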

