I manage a website for an organization that has a network where several hundred users will access it in any given 15 minute period. When a user opens a browser, the organization’s homepage is displayed. This homepage has several images on it. To try to save on bandwidth to the remote web server (which is not at all affiliated with the local network), the index file checks the IP address of the requester and, if it is coming from within the network, it displays a modified webpage where the images are pulled from a local shared drive on the network.
Essentially, the code is this:
<img src="file:///D:/hp/picture.jpg" />
I’ve been told by the network administrator that this is unacceptable because of the great security risk it poses and that the folder must be deleted immediately.
I’m pretty sure it’s not a risk because it’s the browser that requests the file from the local network and not the remote server, and the only way the picture could be displayed is if the request came from the local network, and all users have access to the drive in question anyway.
Is there something I am overlooking here? Can this single image tag cause a “great security risk” to the network?
Some background to prevent the obvious questions that will arise from this:
- Browser caches are cleared every time a new user logs on to a machine. New users log in roughly every 15 minutes on over 500 machines.
- I’ve requested to have a proxy cache server set up globally for the network. The network administrators flat out refused to do this.
- Hosting from within the network is out of the question (again, by the decree of the network administrator)
- I have no control over the network, nor do I have any part in the decisions that are made.
- Every user has read access to this shared drive and they all have write access to at least some of the 100 or so directories within it.
- The network is not remotely accessible by remote users (you must be logged in to a machine physically plugged into the network to access the network or any drive on it)
Thanks in advance for your help on this.
Why don’t you use the very same server which serves the shared directory to share the images over HTTP, and just use:
You already have a server; it’s a matter of using the proper software.
Regarding another of your points, it might be dangerous. You’re allowing your browser to access local files requested by remote websites. I can’t think of any exploits off the top of my head, but I’d rather avoid this sort of uncommon practice. You should not do something until you’re sure it’s safe (for now you’re just unsure it’s unsafe).
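The approach the answer suggests, as an added example that is not part of the original question or answer: the index script keeps its "is the client on our network?" check, but on-network clients get image URLs pointing at an HTTP server on the same machine that already exports the share, and nobody ever gets a file: URL (modern browsers refuse to load file: subresources from an http(s) page in any case). The address ranges, the hostnames fileserver.corp.example and www.example.org, the /hp/ path and the function names are all assumptions for illustration. Two details a practitioner would want: the check must use the TCP peer address, not a client-supplied header, and the image name is restricted to a plain filename so it cannot be turned into a traversal or an absolute path.

```python
"""Serve a homepage whose image URLs point at an internal HTTP server for
on-network clients and at the public site for everyone else.  Example code
written for this answer; the networks, hostnames and paths are assumptions."""
import html
import ipaddress
import re
from urllib.parse import urlsplit

# Assumed address ranges of the organisation's LAN (RFC 1918 space here).
INTERNAL_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]
# Assumed: the file server that exports the share also runs a web server
# exposing the picture folder over plain HTTP inside the LAN.
INTERNAL_IMAGE_BASE = "http://fileserver.corp.example/hp/"
# Assumed public location of the same images on the remote web server.
REMOTE_IMAGE_BASE = "https://www.example.org/images/"

# A plain filename: no leading dot, no slashes, no backslashes, no spaces.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]*")


def is_internal(client_ip: str) -> bool:
    """True if client_ip lies in one of INTERNAL_NETWORKS.

    client_ip must be the TCP peer address (REMOTE_ADDR), never a
    client-supplied header such as X-Forwarded-For, which anyone can forge.
    Garbage is treated as external so a malformed address never gets the
    internal page."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETWORKS)


def image_url(client_ip: str, filename: str) -> str:
    """Build the URL for one image, choosing the base by client location.

    Only a plain filename is accepted, so a request can never turn into
    '../' traversal or an absolute path, and the result is always http(s):
    a file: URL is never emitted, whichever base is chosen."""
    if not SAFE_NAME.fullmatch(filename):
        raise ValueError(f"refusing image name {filename!r}")
    base = INTERNAL_IMAGE_BASE if is_internal(client_ip) else REMOTE_IMAGE_BASE
    url = base + filename
    if urlsplit(url).scheme not in ("http", "https"):
        raise ValueError("only http(s) image sources are allowed")
    return url


def render_index(client_ip: str, filenames) -> str:
    """Return the <img> tags for the homepage, attribute values HTML-escaped."""
    tags = []
    for name in filenames:
        url = image_url(client_ip, name)
        tags.append(
            f'<img src="{html.escape(url, quote=True)}" '
            f'alt="{html.escape(name, quote=True)}">'
        )
    return "\n".join(tags)


if __name__ == "__main__":
    # Constructed sample requests: one from the LAN, one from the internet.
    for ip in ("10.20.30.40", "203.0.113.5"):
        print(f"--- client {ip} ---")
        print(render_index(ip, ["picture.jpg", "logo.png"]))
```

Wire `render_index` to whatever framework produces the index page, passing the peer address the web server reports for the connection. Because every emitted URL is http(s), the browser treats the images as ordinary web resources and the share itself is never referenced from the page.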