Reply to post: Re: Who's using ImageMagick on the server?

Server-jacking exploits for ImageMagick are so trivial, you'll scream

Anonymous Coward
Anonymous Coward

Re: Who's using ImageMagick on the server?

And where do you believe a lot of batch processing happens and how files are loaded today?

Also, to use image processing libraries you usually need to know what you're doing. ImageMagik offers and higher level "API", just it offers it the wrong way.

And don't forget many scripting languages, including those used for web server side programming, are not the best to manage binary data and buffers, maybe through all those scaring "pointers". The low hanging fruit is to write image data to a file and then invoke a command line tool upon it... too many developers are unable to master the art of complex programming and keep on using outdated paradigms just because they are easier to use - the result is software cobbled together and vulnerable. But the biggest problem are those who tell them it's right because they too never left the past.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2021