Accueil Explorer Aide
Connexion
Banana
/
selfpaste
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Aborescence: 784fc7581b
Branches Tags
selfpaste
/
documentation
/
security.txt

security.txt 1.1 KB
Historique Raw

12345678910111213141516171819202122232425262728293031 
  1. With this tool you provide a remote upload space for everyone.
    2. 

  2. Unless you:
    3. 

  3. 

  4.     - Keep your secret a secret
    5. 

  5.     - Do not use it publicly
    6. 

  6.     - Do not promote it as a new paste platform
    7. 

  7.     - Change your secret often
    8. 

  8. 

  9. 

  10. This tool uses PHP fileinfo: https://www.php.net/manual/en/intro.fileinfo.php
    11. 

  11. 

  12. > The functions in this module try to guess the content type and encoding of a file
    13. 

  13. > by looking for certain magic byte sequences at specific positions within the file.
    14. 

  14. > While this is not a bullet proof approach the heuristics used do a very good job.
    15. 

  15. 

  16. It is not really bulletproof, but it does the job. Everything can be manipulated
    17. 

  17. to look alike something it isn't.
    18. 

  18. 

  19. So, here is a friendly REMINDER:
    20. 

  20. 

  21.     - Use at own risk.
    22. 

  22.     - Don't open it up to the public
    23. 

  23.     - Check regularly what is added
    24. 

  24.     - Clean everything what you do not know
    25. 

  25.     - You provide the service by hosting it. Your are responsible for it!
    26. 

  26.     - Change your secret often
    27. 

  27. 

  28. Make sure DEBUG is false for production.
    29. 

  29. 

  30. Protect the storage location from direct access. Default solved with a .htaccess
    31. 

  31. file. Better solution is to move the location outside the webroot.
    32.