search

oxzi / gosh

Authenticationless HTTP file upload server
GNU General Public License v3.0
16 stars 2 forks source link

Enable longer IDs for URL #34

Closed riotbib closed 11 months ago

riotbib commented 1 year ago

Enabling longer identifiers aka IDs in the URL would decrease the discoverability of a file if this is wanted.

@oxzi, do you think this feature would be beneficial? If so, please do draft up what changes ought to be made and I'll take a try.

This could be an optional flag to be set.

oxzi commented 1 year ago

Thanks for your request.

Enabling longer identifiers aka IDs in the URL would decrease the discoverability of a file if this is wanted.

The current IDs are 32 bits long. This results in 2^32 (4 294 967 296) possible combinations, which are, in my opinion, hard to guess over a web based protocol[0]. At the moment making this decision, I found this "hard" enough. However, this always depends on your use case or even threat level.

@oxzi, do you think this feature would be beneficial? If so, please do draft up what changes ought to be made and I'll take a try.

Of course, the ID's length could be made configurable. Recently I had the idea to replace the base58 encoded URL with random words from a word list, creating NSA operation like names.

[0] https://github.com/oxzi/gosh/blob/a2776d4b6975ca33274039c8ef1d9fe1edc639b7/internal/storage.go#L107-L110

riotbib commented 1 year ago

Thanks for getting back to me so fast!

Of course, the ID's length could be made configurable. Recently I had the idea to replace the base58 encoded URL with random words from a word list, creating NSA operation like names.

Haha, nice idea. Do hit me up, if you want feedback or help for that.

riotbib commented 1 year ago

Closing this issue, since it's not my top priority; but I do would be happy about that NSA operation names fun.