Custom share codes

[zekroTJA]

It would be awesome if you could define a custom code for a created paste.

I think a good way to implement this would be to set an alias which points to the original paste, which still has the ID. This way, the custom code can be changed via the modification key.

[lus]

Hello. I thought about this a bit and I see several ways this can be exploited:

• someone creates n pastes and blocks several share codes just to block them
• someone creates share codes that are likely to be misinterpreted to be an official page (for example pasty.lus.pm/about)

I would feel more safe if we would implement this feature but restrict it to admins only. Only admins can create and manage share codes that link to specific pastes, the public instance would very rarely provide these codes unless a trusted user requests them.

What do you think about this? Do you have other ideas on how to keep the risk of this as low as possible?

[zekroTJA]

Sure, didn't really thought about this beforehand.

To combat these issues, I would implement the following guardrails:

• There is a list of preserved codes that can not be taken by users (i.E. about, robots.txt, index.html, ... – it would be a somewhat extensive list though)
• Creating custom share codes is handled under a much more strict rate limiting than creating pastes with random codes. This way, one could not ismply write a script to allocate a bunch of preserved codes.

Also, the following options could be considered, but are not necessary.

• Custom codes do not have an unlimited lifetime by default. There could be a group of users that can create unlimited lifetime share links. That could either be the aforementioned list of admins or VIPs (or maybe even a payed tier? :eyes:)
• Custom codes must have a minimum length of – let's say – 5 or so characters.

That would be my idea. Just implementing the feature and locking it for a specific group of users all together would be a bit pointless in my opinion. But feel free to express your thoughts about these suggestions. :)

[lus]

Thank you for your thoughts.

I am still not sure whether I want users to be able to freely create such vanity URLs, I just think the potential of misuse is a bit too big. No other pastebins have this feature open to the public as far as I am aware and if we would do this, we should think twice about how we do it and how to protect it. I like your ideas on how to minimize the risks and I think there really is no other way that would align with the philosophy of this project, but in the end pasty is deployed by many users other than me and distributing a steadily expanded blacklist of vanity URLs across all of them could become quite a tricky task. I really like the feature though, so I am not going to deny it, but rather postpone its implementation. Maybe I can implement the admin-only version in an earlier version and carefully think about a public-ready version in the future.