Open BatisteDONDOGLIO opened 3 weeks ago
Would be pretty cool. The only thing I'm not sure about is:
- Make the file expire instantly after X failed attempts

This would make it possible for someone to delete someone else's shared files.
You have a good point actually. But as I've stated in the final note, all of these features would preferably have to be entirely optional, and not enforced by default.
So if a user explicitly wants to enable such a feature, they should be aware of the possible implications and/or drawbacks for doing so.
In any case, I just listed a few ideas that came to mind while writing up the issue, so I'm sure there are better alternatives :)
I disagree with enforcing password policies.
Fail2ban sounds like a better implementation.
I disagree with enforcing password policies.
Again, no enforcing.
Everything listed under the suggested features should be optional features. Meaning the user decides whether or not to enforce a password policy for their files.
It should NOT be the default.
Observed issue:
From the tests I've been conducting, it is fairly easy to brute-force the password that's been set on a shared file, as the current implementation of Send doesn't prevent the user from trying incorrect passwords indefinitely without any restrictions.
Suggested security features:
Final note:
Ideally, these could all be optional features that can be selected when uploading the file. This way, people who don't want to add extra security don't have to.
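
An added example, not part of the original issue or of Send's code: one way to slow password guessing without the side effect raised in the discussion (anyone being able to expire another user's file) is to throttle per file and per client with exponential backoff. The class, function and parameter names, and the use of a client identifier such as an IP address, are assumptions.

```javascript
// Added example: per-client throttling of password attempts on a shared file.
// All names are hypothetical; this is not Send's implementation.
class AttemptLimiter {
  constructor({ freeAttempts = 3, baseDelayMs = 1000, maxDelayMs = 15 * 60 * 1000 } = {}) {
    this.freeAttempts = freeAttempts; // wrong guesses allowed before any delay
    this.baseDelayMs = baseDelayMs;   // first delay; doubles on each further failure
    this.maxDelayMs = maxDelayMs;     // upper bound on the delay
    this.state = new Map();           // "fileId|client" -> { failures, blockedUntil }
  }

  key(fileId, client) {
    return `${fileId}|${client}`;
  }

  // Milliseconds this client must still wait for this file (0 = may try now).
  retryAfter(fileId, client, now = Date.now()) {
    const entry = this.state.get(this.key(fileId, client));
    return entry ? Math.max(0, entry.blockedUntil - now) : 0;
  }

  // Call after a wrong password. Returns the delay imposed on this client only.
  recordFailure(fileId, client, now = Date.now()) {
    const k = this.key(fileId, client);
    const entry = this.state.get(k) || { failures: 0, blockedUntil: 0 };
    entry.failures += 1;
    const over = entry.failures - this.freeAttempts;
    const delay = over > 0 ? Math.min(this.maxDelayMs, this.baseDelayMs * 2 ** (over - 1)) : 0;
    entry.blockedUntil = now + delay;
    this.state.set(k, entry);
    return delay;
  }

  // A correct password clears this client's counter for the file.
  recordSuccess(fileId, client) {
    this.state.delete(this.key(fileId, client));
  }
}

// Wraps a password check; `verify` is a caller-supplied function returning true/false.
// While a client is throttled, `verify` is not called at all, so guesses made
// during the delay reveal nothing. The file itself is never deleted or locked.
function checkPassword(limiter, fileId, client, verify, now = Date.now()) {
  const wait = limiter.retryAfter(fileId, client, now);
  if (wait > 0) return { ok: false, throttled: true, retryAfterMs: wait };
  if (verify()) {
    limiter.recordSuccess(fileId, client);
    return { ok: true, throttled: false, retryAfterMs: 0 };
  }
  return { ok: false, throttled: false, retryAfterMs: limiter.recordFailure(fileId, client, now) };
}
```

A real deployment would also expire old entries from the map, and would have to decide what identifies a client when requests arrive through a proxy.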