mirror of https://github.com/Tygs/0bin.git
minor readme fixes
This commit is contained in:
Martin Dreher
parent
2392e357f9
commit
99eaad3cef
16
README.rst
16
README.rst
|
|
@ -27,23 +27,23 @@ How it works
|
|||
|
||||
When creating the paste:
|
||||
|
||||
- the browser generate a random key;
|
||||
- the browser generates a random key;
|
||||
- the pasted content is encrypted with this key using AES256;
|
||||
- the encrypted pasted content is sent to the server;
|
||||
- the browser receives the paste URL and add the key in the URL hash (#).
|
||||
- the browser receives the paste URL and adds the key in the URL hash (#).
|
||||
|
||||
When reading the paste:
|
||||
|
||||
- the browser makes the GET request to the paste URL;
|
||||
- because the key is in the hash, the key is not part of the request;
|
||||
- browser gets the encrypted content et decrypt it using the key;
|
||||
- the pasted decrypted content is displayed and code is colored.
|
||||
- browser gets the encrypted content end decrypts it using the key;
|
||||
- the pasted decrypted content is displayed and sourcecode is highlighted.
|
||||
|
||||
Key points:
|
||||
|
||||
- because the key is in the hash, the key is never sent to the server;
|
||||
- therefor it won't appear in the server logs;
|
||||
- all operations, including code coloration, must happens on the client;
|
||||
- therefore it won't appear in the server logs;
|
||||
- all operations, including code coloration, happen on the client-side;
|
||||
- the server is no more than a fancy recipient for the encrypted data.
|
||||
|
||||
Other features
|
||||
|
|
@ -76,7 +76,7 @@ Known issues
|
|||
|
||||
- 0bin uses several HTML5/CSS3 features that are not widely supported. In that case we handle the degradation as gracefully as we can.
|
||||
- The "copy to clipboard" feature is buggy under linux. It's flash, so we won't fix it. Better wait for the HTML5 clipboard API to be implemented in major browsers.
|
||||
- The pasted content size limit check is not accurate. It's just a safety net, so we thinks it's ok.
|
||||
- The pasted content size limit check is not accurate. It's just a safety net, so we think it's ok.
|
||||
- Some url shorteners and other services storing URLs break the encryption key. We will sanitize the URL as much as we can, but there is a limit to what we can do.
|
||||
|
||||
What does 0bin not implement?
|
||||
|
|
@ -84,7 +84,7 @@ What does 0bin not implement?
|
|||
|
||||
* Request throttling. It would be inefficient to do it at the app level, and web servers have robust implementations for it.
|
||||
* Hash collision prevention: the ratio "probability it happens/consequence seriousness" `is not worth it`_
|
||||
* Comments: it was initially planed. But comes with a lot of issues so we chose to focus on lower handing fruits.
|
||||
* Comments: it was initially planed. But comes with a lot of issues so we chose to focus on lower hanging fruits.
|
||||
|
||||
|
||||
.. _moderate the pastebin content: http://www.zdnet.com/blog/security/pastebin-to-hunt-for-hacker-pastes-anonymous-cries-censorship/11336
|
||||
|
|
|
|||
Loading…
Reference in New Issue