I got a request from a security team about uploaded images.
They asked whether it is possible to clean out uploaded images from personal information.
When a user uploads an image, the uploaded image’s EXIF Geo location Data does not get stripped. As a result, anyone can get sensitive information of users like their Geo-location, their Device information like Device Name, Version, Software & Software version used, etc.
Is there any way to process uploaded images and exclude such information from it?
p.s. you can use https://exifdata.com/ to read meta data of image.
Q2A seems to be using imagecreatefromstring() for converting uploaded image data back to actual images. To my knowledge that function does not preserve EXIF data, and Q2A also doesn't seem to restore EXIF information from the uploaded data.
Welcome to the Q&A site for Question2Answer.
If you have a question about Q2A, please ask here, in English.
To report a bug, please create a new issue on Github or ask a question here with the bug tag.
If you just want to try Q2A, please use the demo site.
