From 6eb15bd6cdcac886e6f4bbdd8b7ba05f698ac23a Mon Sep 17 00:00:00 2001
From: antonfirsov <antonfir@gmail.com>
Date: Wed, 10 Apr 2024 02:31:29 +0200
Subject: [PATCH 1/3] add paragraph: Security Considerations

---
 articles/imagesharp/security.md | 19 +++++++++++++++++++
 articles/toc.md                 |  1 +
 2 files changed, 20 insertions(+)
 create mode 100644 articles/imagesharp/security.md

diff --git a/articles/imagesharp/security.md b/articles/imagesharp/security.md
new file mode 100644
index 00000000..9e3d68df
--- /dev/null
+++ b/articles/imagesharp/security.md
@@ -0,0 +1,19 @@
+# Security Considerations
+
+Image processing is a memory-intensive application. Most image processing libraries (including ImageSharp and SkiaSharp) decode images into in-memory buffers. Any publicly facing service using such a library might be vulnerable to DoS attacks without implementing further measures.
+
+For solutions using ImageSharp such measures can be:
+- Authentication, for example by using HMAC. See [Securing Processing Commands in ImageSharp.Web](../imagesharp.web/processingcommands.md#securing-processing-commands).
+- Offloading to separate services/containers.
+- Placing the solution behind a reverse proxy.
+- Rate Limiting.
+- Imposing conservative allocation limits by configuring a custom `MemoryAllocator`:
+
+```csharp
+Configuration.Default.MemoryAllocator = MemoryAllocator.Create(new MemoryAllocatorOptions()
+{
+    // Note that this limits the maximum image size to 64 megapixels.
+    // Any attempt to create a larger image will throw.
+    AllocationLimitMegabytes = 256
+});
+```
\ No newline at end of file
diff --git a/articles/toc.md b/articles/toc.md
index 1c841d61..c06e9970 100644
--- a/articles/toc.md
+++ b/articles/toc.md
@@ -8,6 +8,7 @@
 ### [Working with Pixel Buffers](imagesharp/pixelbuffers.md)
 ### [Configuration](imagesharp/configuration.md)
 ### [Memory Management](imagesharp/memorymanagement.md)
+### [Security Considerations](imagesharp/security.md)
 
 # [ImageSharp.Drawing](imagesharp.drawing/index.md)
 ## [Getting Started](imagesharp.drawing/gettingstarted.md)

From febbcef777d481f357d0006021a18f273220905e Mon Sep 17 00:00:00 2001
From: antonfirsov <antonfir@gmail.com>
Date: Wed, 10 Apr 2024 02:47:42 +0200
Subject: [PATCH 2/3] polishing

---
 articles/imagesharp/security.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/articles/imagesharp/security.md b/articles/imagesharp/security.md
index 9e3d68df..36143dbb 100644
--- a/articles/imagesharp/security.md
+++ b/articles/imagesharp/security.md
@@ -1,8 +1,8 @@
 # Security Considerations
 
-Image processing is a memory-intensive application. Most image processing libraries (including ImageSharp and SkiaSharp) decode images into in-memory buffers. Any publicly facing service using such a library might be vulnerable to DoS attacks without implementing further measures.
+Image processing is a memory-intensive application. Most image processing libraries (including ImageSharp, SkiaSharp and Magick.NET) decode images into in-memory buffers for further processing. Without additional measures, any publicly facing service that consumes images coming from untrusted sources might be vulnerable to DoS attacks attempting to deplate process memory.
 
-For solutions using ImageSharp such measures can be:
+Such measures can be:
 - Authentication, for example by using HMAC. See [Securing Processing Commands in ImageSharp.Web](../imagesharp.web/processingcommands.md#securing-processing-commands).
 - Offloading to separate services/containers.
 - Placing the solution behind a reverse proxy.
@@ -12,7 +12,7 @@ For solutions using ImageSharp such measures can be:
 ```csharp
 Configuration.Default.MemoryAllocator = MemoryAllocator.Create(new MemoryAllocatorOptions()
 {
-    // Note that this limits the maximum image size to 64 megapixels.
+    // Note that this limits the maximum image size to 64 megapixels of Rgba32.
     // Any attempt to create a larger image will throw.
     AllocationLimitMegabytes = 256
 });

From 03ece612605d80785d42a4560d0b56b70fced221 Mon Sep 17 00:00:00 2001
From: James Jackson-South <james_south@hotmail.com>
Date: Mon, 15 Apr 2024 20:27:09 +1000
Subject: [PATCH 3/3] Update articles/imagesharp/security.md

Co-authored-by: Miha Zupan <mihazupan.zupan1@gmail.com>
---
 articles/imagesharp/security.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/articles/imagesharp/security.md b/articles/imagesharp/security.md
index 36143dbb..19b0ab9c 100644
--- a/articles/imagesharp/security.md
+++ b/articles/imagesharp/security.md
@@ -1,6 +1,6 @@
 # Security Considerations
 
-Image processing is a memory-intensive application. Most image processing libraries (including ImageSharp, SkiaSharp and Magick.NET) decode images into in-memory buffers for further processing. Without additional measures, any publicly facing service that consumes images coming from untrusted sources might be vulnerable to DoS attacks attempting to deplate process memory.
+Image processing is a memory-intensive application. Most image processing libraries (including ImageSharp, SkiaSharp, and Magick.NET) decode images into in-memory buffers for further processing. Without additional measures, any publicly facing service that consumes images coming from untrusted sources might be vulnerable to DoS attacks attempting to deplete process memory.
 
 Such measures can be:
 - Authentication, for example by using HMAC. See [Securing Processing Commands in ImageSharp.Web](../imagesharp.web/processingcommands.md#securing-processing-commands).