just images
Asheesh Laroia paulproteus
tar cf - --exclude .Trash --exclude Library/Caches --exclude Library/Cookies --exclude Library/Metadata/CoreSpotlight --exclude Library/PersonalizationPortrait --exclude Library/Safari --exclude Library/Containers --exclude 'Library/Group Containers' --exclude Library/Suggestions . | pv > /dev/null
This document explains some risks of server-side image processing and explains a technique to make that much safer. I recommend using this technique.
For a web app that is running in Docker, it's helpful to delegate work such as image conversion to a subprocess. We can confine subprocesses so they can only access non-sensitive data by using Linux security features while running them in the same Docker container as the full web app. This allows for complete mitigation of security issues in the subprocesses with maximum convenience and minimal slowdown.
Every few years, complex packages like imagemagick have critical security bugs; people find about one issue per month
OlderNewer