Security Of External "images" In Sigs

[morrisjohnny]

Upon researching some required information to complete a topic, i scrolled across a snippet of code which allows you to show YOUR own IP address using php.now surely, if you have the ability to show someone's ip, or the forums (not this one) are loading an external "image" from a url such as http://www.domain.co.uk/show_image.php?img_id=1 on this page. there might well be an image, However how about if the owner then decides to add a php code over the image which then has the ability to execute code off their server. How much damage can be done?What I'm trying to say is surely if someone can display your IP address within an image is it possible to re-direct someone to their web-page? which could be full of inappropriate material such as viruses, or perhaps something like creating a cookie which tracks their page loads and url history and reports back?Just a security concern i though of and wish to learn more about.Thanks-Johnny

[Ingolme]

No, there's no way that they can do anything harmful. All you're getting on the client side is the image. Your browser is the one sending your IP to every single page as a request header. When it sends the request to the server with the image one it, the server just generates the image with the information and sends the image back.You cannot be redirected by a signature image because if the browser receives anything other than an image in response it won't do anything with it.