mirror of https://github.com/Tygs/0bin.git synced 2023-08-10 21:13:00 +03:00

0bin

Try it here: 0bin.net

0bin is a client-side encrypted pastebin that can run without a database.

It allows anybody to host a pastebin while welcoming any type of content to be pasted in it. The idea is that one can (probably...) not be legally entitled to moderate the pastebin content as he/she has no way to decrypt it.

It's a Python implementation of the zerobin project.

How it works

When creating the paste:

  • the browser generates a random key;
  • the pasted content is encrypted with this key using AES256;
  • the encrypted pasted content is sent to the server;
  • the browser receives the paste URL and adds the key in the URL hash.

When reading the paste:

  • the browser makes the GET request to the paste URL;
  • because the key is in the hash, the key is not part of the request;
  • the browser gets the encrypted content and decrypts it using the key;
  • the pasted content is decrypted and code is colored.

Key points:

  • because the key is in the hash, the key is never sent to the server;
  • therefore it won't appear in the server logs;
  • all operations, including code coloration, must happen on the client;
  • the server is no more than a fancy recipient.
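
The flow above as an added example (not code from the 0bin project): Node's built-in crypto stands in for the browser and SJCL, and AES-256-GCM, the host `paste.example` and the `/paste/<id>` path are assumptions, since the README only says "AES256". It shows that the request target derived from the paste URL never contains the key, and that a key damaged in transit makes decryption fail.

```javascript
const crypto = require("node:crypto");

// Client side: random 256-bit key, encrypt before anything leaves the browser.
function createPaste(plaintext) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  // The server only ever stores this opaque blob: iv || tag || ciphertext.
  const blob = Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("base64");
  return { key: key.toString("base64url"), blob };
}

// What an HTTP client puts in the request line for a URL:
// path and query only. The fragment (hash) stays on the client.
function requestTarget(pasteUrl) {
  const u = new URL(pasteUrl);
  return u.pathname + u.search;
}

// Client side: take the key from the fragment and decrypt the fetched blob.
function readPaste(pasteUrl, blob) {
  const key = Buffer.from(new URL(pasteUrl).hash.slice(1), "base64url");
  if (key.length !== 32) throw new Error("key in URL fragment is damaged");
  const raw = Buffer.from(blob, "base64");
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  // final() throws if the key or the blob was altered.
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString("utf8");
}

// Constructed round trip with a hypothetical paste id.
function demo() {
  const { key, blob } = createPaste("secret snippet");
  const url = "https://paste.example/paste/abc123#" + key;
  return { url, key, blob, sent: requestTarget(url), text: readPaste(url, blob) };
}

const result = demo();
console.log("server sees:", result.sent);
console.log("client reads:", result.text);
```
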

Technologies used

  • Python
  • The Bottle microframework
  • SJCL
  • jQuery
  • Bootstrap
  • Cherrypy (server only)

Known issues

  • 0bin uses several HTML5/CSS3 features that are not widely supported. In that case we handle the degradation as gracefully as we can.
  • The "copy to clipboard" feature is buggy under Linux. It's Flash, so we won't fix it. Better wait for the HTML5 clipboard API to be implemented in major browsers.
  • The pasted content size limit check is not accurate. It's just a safety net, so we think it's ok.
  • Some url shorteners and other services storing URLs break the encryption key. We will sanitize the URL as much as we can, but there is a limit to what we can do.

What does 0bin not implement?

  • Request throttling. It would be inefficient to do it at the app level, and web servers have robust implementations.
  • Hash collision: the ratio "probability it happens/consequence seriousness" is not worth it
  • Comments: for now. It's on the todo list.