Feature Wiki

Information about planned and released features

Tabs

Offload image manipulation

Page Overview

1 Initial Problem
2 Conceptual Summary
3 Technical Information
4 Privacy Information
5 Contact
6 Funding
7 Discussion
8 Implementation

If you need any help in filling out this wiki page, please visit our ILIAS Community FAQ. And please complete the metadata information in the right column after having created the page.

1 Initial Problem

Image scaling, conversion, rasterization and manipulation is done by by shelling out to ImageMagic, PhantomJS and GhostScript. IM and GS have a history full of security vulnerabilities. PhantomJS is not actively maintained. In addition to serve security vulnerabilities, there might be ways to consume reasonable amounts of memory and CPU time by crafting special files. Running these programs on the same host as the web server or PHP interpreter does, is therefore unfavourable if you cannot trust every user who is permitted to upload files.

2 Conceptual Summary

ILIAS should support using a remote service and provide code and setup instructions for a remote image manipulation service so the problematic operations can be offloaded from other personal user data and ILIAS main application code. Ideally ILIAS would use a suitable existing solution or build upon standardized communication protocols.

3 Technical Information

{The maintainer has to provide necessary technical information, e.g. dependencies on other ILIAS components, necessary modifications in general services/architecture, potential security or performance issues.}

4 Privacy Information

No additional personal data will have to be processed or stored.

5 Contact

Author of the Request: Pahlow, Felix [Felix@ITZ]
Maintainer: {Please add your name before applying for an initial workshop or a Jour Fixe meeting.}
Implementation of the feature is done by: {The maintainer must add the name of the implementing developer.}

6 Funding

If you are interest in funding this feature, please add your name and institution to this list.

7 Discussion

8 Implementation

{The maintainer has to give a description of the final implementation and add screenshots if possible.}

Test Cases

Test cases completed at {date} by {user}

{Test case number linked to Testrail} : {test case title}

Approval

Approved at {date} by {user}.

Last edited: 8. Jan 2020, 15:42, Pahlow, Felix [Felix@ITZ]