Is it safe to use Timthumb?


4

I’m making a website and I started using the Timthumb.php library to resize images to the exact size I want. However, two questions came to me:

  1. Is it safe to use? I hear that past versions showed vulnerabilities;
  2. Will its use affect the performance of my site? E.g. more work for the server.

  • I don’t know the status of Timthumb nowadays, but to avoid headaches it is better to use native functions (How to Dynamically Resize Wordpress Image On-The-Fly (custom field/Theme option)). Check bueltge's comment there in this reply; the guy is a player and released a recent plugin.

  • +1 It’s a good concern. Honestly, I saw the source code of Timthumb and I got a little nervous. There’s a system here that uses Timthumb (I didn’t implement it), but I think it would be a good idea to look for a more up-to-date resource than it.

  • https://www.ssl.net.br/blog/qual-plataforma-cms-mais-hacked/ This article clarifies that the use of Timthumb is rather associated with the vulnerability of the system. The developers themselves, as the friend said in the previous answer, have already proclaimed the fact. I recommend not using it.

1 answer

2

Timthumb does have security vulnerabilities. The developers themselves mentioned this once (I think it was on their own blog/site) and cited that as the reason they stopped continuing its development. I did a little research to see if I could find this article but I couldn’t. In the meantime, I’ve never followed their status and development updates, so I don’t know what the situation is at the moment and whether they’ve resolved these vulnerabilities or not, but there may be other developers who have taken up the project and fixed this problem.

However there are other methods and alternatives to this plugin.
Googling, we may find some of them:

Article in English covering both Timthumb and Bfithumb
