IRC log for #sourcefu, 2017-11-17

http://sourcefu.com

All times shown according to UTC.

Time S Nick Message
00:13 pdurbin prologic: yeah man, add some auth for goodness sake. Problem solved. :)
02:46 prologic pdurbin so like I'm thinking of: yourdomain.com/abc123?key=<key>
02:46 prologic where <key> is auto-generated by the server on upload
02:46 prologic so that the key is only valid for that paste/image/whatever
02:46 prologic Is this more or less secure than just a URI with a uuid of length N
02:47 prologic or about the same as a URI + uuid of length M where M > N
04:56 kzisme joined #sourcefu
04:56 kzisme o/
11:33 pdurbin prologic: sounds fine
11:34 pdurbin welcome, kzisme
15:21 dotplus prologic: In practical terms, I don't see any difference in either security or UX between those approaches. Am I missing something?
17:18 prologic dotplus that's my point
17:18 prologic I don't think there is either
17:18 prologic just make the UUIDs longer so they are more expensive to guess/crawl
17:19 prologic and rate limit access to make illegitimate access (crawling) harder to do
20:43 prologic joined #sourcefu
21:21 prologic joined #sourcefu
21:28 dotplus agreed
23:54 bear human friendly version of that is to have a short short-code and then require a key for auth, if key is present in the url then redirect to a login form -- makes it human friendly and crawler unfriendly
23:55 bear you get the benefit of a short-lived key for one-offs and historical access by humans
