1
0
mirror of https://github.com/Tygs/0bin.git synced 2023-08-10 21:13:00 +03:00
0bin/docs/.build/html/en/intro.html

197 lines
9.5 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Introduction &mdash; 0bin 0.1 documentation</title>
<link rel="stylesheet" href="../_static/default.css" type="text/css" />
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../',
VERSION: '0.1',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true
};
</script>
<script type="text/javascript" src="../_static/jquery.js"></script>
<script type="text/javascript" src="../_static/underscore.js"></script>
<script type="text/javascript" src="../_static/doctools.js"></script>
<link rel="top" title="0bin 0.1 documentation" href="../index.html" />
<link rel="next" title="Easiest installation" href="easy_install.html" />
<link rel="prev" title="0bins documentation" href="../index.html" />
</head>
<body>
<div class="related">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="../genindex.html" title="General Index"
accesskey="I">index</a></li>
<li class="right" >
<a href="easy_install.html" title="Easiest installation"
accesskey="N">next</a> |</li>
<li class="right" >
<a href="../index.html" title="0bins documentation"
accesskey="P">previous</a> |</li>
<li><a href="../index.html">0bin 0.1 documentation</a> &raquo;</li>
</ul>
</div>
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body">
<div class="section" id="introduction">
<h1>Introduction<a class="headerlink" href="#introduction" title="Permalink to this headline"></a></h1>
<p>0bin allows anybody to host a pastebin while welcoming any type of content to
be pasted in it. The idea is that one can (probably...) not be legally entitled
to <a class="reference external" href="http://www.zdnet.com/blog/security/pastebin-to-hunt-for-hacker-pastes-anonymous-cries-censorship/11336">moderate the pastebin content</a> as he/she has no way to decrypt it.</p>
<p>It&#8217;s an Python implementation of the
<a class="reference external" href="https://github.com/sebsauvage/ZeroBin/">zerobin project</a>. It&#8217;s easy to
install even if you know nothing about Python.</p>
<div class="section" id="how-it-works">
<h2>How it works<a class="headerlink" href="#how-it-works" title="Permalink to this headline"></a></h2>
<p>When creating the paste:</p>
<ul class="simple">
<li>the browser generate a random key;</li>
<li>the pasted content is encrypted with this key using AES256;</li>
<li>the encrypted pasted content is sent to the server;</li>
<li>the browser receives the paste URL and add the key in the URL hash (#).</li>
</ul>
<p>When reading the paste:</p>
<ul class="simple">
<li>the browser makes the GET request to the paste URL;</li>
<li>because the key is in the hash, the key is not part of the request;</li>
<li>browser gets the encrypted content et decrypt it using the key;</li>
<li>the pasted decrypted content is displayed and code is colored.</li>
</ul>
<p>Key points:</p>
<ul class="simple">
<li>because the key is in the hash, the key is never sent to the server;</li>
<li>therefor it won&#8217;t appear in the server logs;</li>
<li>all operations, including code coloration, must happens on the client;</li>
<li>the server is no more than a fancy recipient for the encrypted data.</li>
</ul>
</div>
<div class="section" id="other-features">
<h2>Other features<a class="headerlink" href="#other-features" title="Permalink to this headline"></a></h2>
<ul class="simple">
<li>automatic code coloration (no need to specify);</li>
<li>pastebin expiration: 1 day, 1 month or never;</li>
<li>burn after reading: the paste is destroyed after the first reading;</li>
<li>clone paste: you can&#8217;t edit a paste, but you can duplicate any of them;</li>
<li>code upload: if a file is too big, you can upload it instead of using copy/paste;</li>
<li>copy paste to clipboard in a click;</li>
<li>get paste short URL in a click;</li>
<li>own previous pastes history;</li>
<li>visual hash of a paste to easily tell it appart from others in a list.</li>
</ul>
</div>
<div class="section" id="technologies-used">
<h2>Technologies used<a class="headerlink" href="#technologies-used" title="Permalink to this headline"></a></h2>
<ul class="simple">
<li><a class="reference external" href="https://en.wikipedia.org/wiki/Python_(programming_language)">Python</a></li>
<li><a class="reference external" href="http://bottlepy.org/">The Bottle Python Web microframework</a></li>
<li><a class="reference external" href="http://crypto.stanford.edu/sjcl/">SJCL</a> (js crypto tools)</li>
<li><a class="reference external" href="http://jquery.com/">jQuery</a></li>
<li><a class="reference external" href="http://twitter.github.com/bootstrap/">Bootstrap</a>, the twitter HTML5/CSS3 framework</li>
<li><a class="reference external" href="https://github.com/sametmax/VizHash.js">VizHash.js</a> to create visual hashes from pastes</li>
<li><a class="reference external" href="http://www.cherrypy.org/(serveronly)">Cherrypy</a> (server only)</li>
</ul>
</div>
<div class="section" id="known-issues">
<h2>Known issues<a class="headerlink" href="#known-issues" title="Permalink to this headline"></a></h2>
<ul class="simple">
<li>0bin use several HTML5/CSS3 features that are not widely supported. In that case we handle the degradation as gracefully as we can.</li>
<li>The &#8220;copy to clipboard&#8221; feature is buggy under linux. It&#8217;s flash, so we won&#8217;t fix it. Better wait for the HTML5 clipboard API to be implemented in major browsers.</li>
<li>The pasted content size limit check is not accurate. It&#8217;s just a safety net, so we thinks it&#8217;s ok.</li>
<li>Some url shorteners and other services storing URLs break the encryption key. We will sanitize the URL as much as we can, but there is a limit to what we can do.</li>
</ul>
</div>
<div class="section" id="what-does-0bin-not-implement">
<h2>What does 0bin not implement?<a class="headerlink" href="#what-does-0bin-not-implement" title="Permalink to this headline"></a></h2>
<ul class="simple">
<li>Request throttling. It would be inefficient to do it at the app level, and web servers have robust implementations for it.</li>
<li>Hash collision: the ratio &#8220;probability it happens/consequence seriousness&#8221; &lt;a href=&#8221;<a class="reference external" href="http://stackoverflow.com/questions/201705/how-many-random-elements-before-md5-produces-collisions">http://stackoverflow.com/questions/201705/how-many-random-elements-before-md5-produces-collisions</a>&#8220;is not worth it&lt;/a</li>
<li>Comments: it was initially planed. But comes with a lot of issues so we chose to focus on lower handing fruits.</li>
</ul>
</div>
</div>
</div>
</div>
</div>
<div class="sphinxsidebar">
<div class="sphinxsidebarwrapper">
<h3><a href="../index.html">Table Of Contents</a></h3>
<ul>
<li><a class="reference internal" href="#">Introduction</a><ul>
<li><a class="reference internal" href="#how-it-works">How it works</a></li>
<li><a class="reference internal" href="#other-features">Other features</a></li>
<li><a class="reference internal" href="#technologies-used">Technologies used</a></li>
<li><a class="reference internal" href="#known-issues">Known issues</a></li>
<li><a class="reference internal" href="#what-does-0bin-not-implement">What does 0bin not implement?</a></li>
</ul>
</li>
</ul>
<h4>Previous topic</h4>
<p class="topless"><a href="../index.html"
title="previous chapter">0bin&#8217;s documentation</a></p>
<h4>Next topic</h4>
<p class="topless"><a href="easy_install.html"
title="next chapter">Easiest installation</a></p>
<h3>This Page</h3>
<ul class="this-page-menu">
<li><a href="../_sources/en/intro.txt"
rel="nofollow">Show Source</a></li>
</ul>
<div id="searchbox" style="display: none">
<h3>Quick search</h3>
<form class="search" action="../search.html" method="get">
<input type="text" name="q" />
<input type="submit" value="Go" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
<p class="searchtip" style="font-size: 90%">
Enter search terms or a module, class or function name.
</p>
</div>
<script type="text/javascript">$('#searchbox').show(0);</script>
</div>
</div>
<div class="clearer"></div>
</div>
<div class="related">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="../genindex.html" title="General Index"
>index</a></li>
<li class="right" >
<a href="easy_install.html" title="Easiest installation"
>next</a> |</li>
<li class="right" >
<a href="../index.html" title="0bins documentation"
>previous</a> |</li>
<li><a href="../index.html">0bin 0.1 documentation</a> &raquo;</li>
</ul>
</div>
<div class="footer">
&copy; Copyright 2012, Sam et Max.
Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 1.1.3.
</div>
</body>
</html>