-rw-r--r-- | readme.rst | 19 |
1 files changed, 19 insertions, 0 deletions
@@ -39,6 +39,25 @@ inside shareit directory: The service can be run as a python wsgi service. I tested it under uwsgi. +Limitations +=========== + +Hashes are currently md5 of the content of the file: + +- It is possible to change the file content but having its md5 unchanged. This + can be used to maliciously put a compromised file in place of the original + one. + +- It is possible to change the file name by just downloading the file, and + reuploading it with another name. + +Both risks can be mitigated by protecting upload side with a password in the +webserver configuration. + +It is possible to do better, but my instance has its upload side protected by +a password, thus I'm not in a hurry and I'm open to pull requests if you have +suggestions. + License ======= |
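Review bot: In the first bullet under Limitations, "change the file content but having its md5 unchanged" reads as if any existing upload could be swapped for a different file with the same hash; what is practical against MD5 is a collision, where the same party prepares both files in advance, so the wording should say that. The mitigation paragraph ("Both risks can be mitigated by protecting upload side with a password") only restricts who can upload and leaves the hash just as weak for anyone who holds that password; consider saying so and naming a replacement such as SHA-256 as the intended fix. For the second bullet, it would help to state whether the file name is meant to be covered by the hash at all, since the text says the hash is computed over the content only.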