Randomized URL path? #31
Reference: mia/0x0#31
Sometimes I upload 2 files in a short period of time to 0x0.st and the returned URLs would be like https://0x0.st/aAAA.sh and https://0x0.st/aAAB.sh - if I upload a .sh file again, it would be https://0x0.st/aAAC.sh.

I don't think it's a very good idea from a security perspective to use sequential:

I also use file.io for file sharing and it seems that file.io returns randomized URLs like file.io/x0S9aORy8O2c, and returns a completely different URL for the next upload, which feels more secure.

You can test file.io with
curl -F "file=@<path-to-the-file>" "https://file.io/?expires=1d"

I'm not in favor of this becoming the default. Having it work like that if the URL had ?private=1 or something of the sort would be better.

What are your reasons? @rany2
@tddschn Keeping the URL short and easy to type.
Yeah that makes sense @rany2.
But randomized URLs can also be short and easy to type. :)
Check out nanoid.
I don't think having a randomized URL really influences security, considering that with 0x0 there's no access control in general and there's no way to set a link to be expiring or unusable after one click, as compared to file.io.
Plus, I've seen more people use 0x0 to share small stuff like patch files and sample video clips, etc., than use it for confidential sharing. If you are looking for something like that, maybe something like https://github.com/schollz/croc or even IPFS might be a better choice (if limited to open source tools), since for croc it's a one-time transfer (although you lose the URL access) and for IPFS, I think it would be harder to guess a hash as compared to a URL, and you can choose to delete or add whenever you want, at least locally. I'm not entirely sure I grasp IPFS, so I could be wrong.
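
The trade-off argued in this thread (counter-style URLs versus short random ones), as an added example that is not part of the original discussion and is not 0x0's code. The 64-symbol alphabet, the function names and the file counts are assumptions made for illustration.

```python
import secrets

# Assumption: a 64-symbol URL-safe alphabet; 0x0's real alphabet is not shown in the thread.
ALPHABET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_"


def sequential_id(counter: int, alphabet: str = ALPHABET) -> str:
    """Encode an upload counter in base len(alphabet): short, but neighbours are predictable."""
    if counter < 0:
        raise ValueError("counter must be non-negative")
    base, digits = len(alphabet), []
    while True:
        counter, rem = divmod(counter, base)
        digits.append(alphabet[rem])
        if counter == 0:
            return "".join(reversed(digits))


def random_id(length: int, alphabet: str = ALPHABET) -> str:
    """Draw each character from the OS CSPRNG, so one URL reveals nothing about the next."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def expected_guesses(length: int, live_files: int, alphabet: str = ALPHABET) -> float:
    """Mean number of uniformly random guesses before one hits any live file."""
    return len(alphabet) ** length / live_files


def min_length(live_files: int, target_guesses: int, alphabet: str = ALPHABET) -> int:
    """Shortest random ID for which expected_guesses() reaches target_guesses."""
    length = 1
    while len(alphabet) ** length < live_files * target_guesses:
        length += 1
    return length


if __name__ == "__main__":
    # Constructed numbers: 1,000,000 stored files, counter values 1000 and 1001.
    print(sequential_id(1000), sequential_id(1001))  # adjacent uploads, adjacent URLs
    print(expected_guesses(4, 1_000_000))            # 4 random characters is still short
    n = min_length(1_000_000, 10**9)
    print(n, random_id(n))
```

A service using `random_id` would also need to retry when a generated ID collides with an existing file.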