Comments (4)
@maxanier I implemented it and it lives now on the master branch. I was thinking about it more during implementation and I'm not sure if it is such a good feature, as a user can now put in quite simple ids that are easily guessable. After all this page allows to upload much data to your server. Maybe it should be hidden behind a config flagβ¦. But maybe it's just fine to leave it like it is now :)
from sharry.
@maxanier thank you for the feedback! Yeah, I agree that is a reasonable feature request. It shouldn't be very expensive to implement (I think).
from sharry.
Great!
I will update my instance as soon as I find time.
In my use case I am the only registered user, so I can make sure that the used ID's are reasonably hard to guess.
Even if someone random is able to upload something it should not be that big a deal as they can't download it themselves (so no sharing of illegal content) and I can always delete things again. Only concern might be security, not sure if it is possible to upload malicious content to attack the server (ok, probably something like this is always possible, the real question is how difficult :D).
For larger deployments this might be more of a problem I guess
from sharry.
Yes, that's true β it's only an issue for langer deployments. So it's not a pressing thing to solve right now :-) Can think about it if it ever comes up again. Thanks for your thoughts!
from sharry.
Related Issues (20)
- How to fix database corruption ? HOT 4
- "Range: bytes=0-1023" wrong response HOT 1
- [feature request] Allow proxy authorisation HOT 2
- [Feature Request] When upload is complete, call external command to validate file (e.g. scan for virus) HOT 3
- /opt/sharry.conf Permission Denied in Docker HOT 2
- OAuth flow fails with certificate error HOT 6
- Database Error when starting nightly with postgres HOT 1
- sharry.py HOT 2
- [feature request] Delete old files HOT 2
- Azure AD scope is duplicated. HOT 13
- Software version disclose in links HOT 2
- Document sending metadata via the REST API HOT 9
- [Feature Request] Support deployment behind a path
- Configuration of file upload limits HOT 3
- [Feature Request] Allow anonymous uploads to shares. HOT 1
- [FR] Allow expiration and deletion of unpublished shares HOT 4
- Responses contain `Content-Length` header and `Transfer-Encoding:chunked` headers HOT 21
- Allow to change schema when using postgresql
- s3 auth does not seem to support node / service account roles - access key and secret required HOT 3
- Problems with using Keycloak as OAuth provider HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sharry.