PNG  IHDR;IDATxܻn0K )(pA 7LeG{ §㻢|ذaÆ 6lذaÆ 6lذaÆ 6lom$^yذag5bÆ 6lذaÆ 6lذa{ 6lذaÆ `}HFkm,mӪôô! x|'ܢ˟;E:9&ᶒ}{v]n&6 h_tڠ͵-ҫZ;Z$.Pkž)!o>}leQfJTu іچ\X=8Rن4`Vwl>nG^is"ms$ui?wbs[m6K4O.4%/bC%t Mז -lG6mrz2s%9s@-k9=)kB5\+͂Zsٲ Rn~GRC wIcIn7jJhۛNCS|j08yiHKֶۛkɈ+;SzL/F*\Ԕ#"5m2[S=gnaPeғL lذaÆ 6l^ḵaÆ 6lذaÆ 6lذa; _ذaÆ 6lذaÆ 6lذaÆ RIENDB` --- layout: default title: Security --- # Security Secure your Glide image server with HTTP signatures. By signing each request with a private key, no alterations can be made to the URL parameters.

It is highly recommended that you use signed URLs in production environments, otherwise your application will be open to mass image-resize attacks.

## Configuration Start by configuring the Glide server to validate each request before you output the image. In the event that the validation fails, Glide will throw an `SignatureException` exception. ~~~ php validateRequest($path, $_GET); } catch (SignatureException $e) { // Handle error } ~~~

We recommend using a 128 character (or larger) signing key to prevent trivial key attacks. Consider using a package like CryptoKey to generate a secure key.

## Generating secure URLs Next, generate a signature for each image request you make. Glide comes with a URL builder to make this process easy. Be sure to use the same signing key you configured earlier. ~~~ php getUrl('cat.jpg', ['w' => 500]); // Use the URL in your app echo ''; // Prints out ~~~ ## Max image size In addition signing URLs, you can also limit how large images can be generated. The following setting will set the maximum allowed total image size, in pixels. ~~~ php 2000*2000, ]); ~~~ Notice that Glide doesn't actually restrict the width or height, but rather the total image size. In the above example it would be `4000000px`. This accomplishes the same thing, while offering more flexibility with your image sizes.