Comments (8)
Thanks for the idea.
It is however not a good thing to implement this, simply because it breaks end-to-end encryption. The encryption key is stored in the share URL. When shortening the URL, you're giving the secret key to the link shortener which is not desirable.
There's a catch though, ffsend
(a CLI for Send) does have this feature implemented with the --shorten
flag.
I hope you understand why I won't be implementing this.
from send.
Thanks for the quick answer, although giving the key to a link shortener that is self hosted on my end doesn't seem like such a big problem.
Thanks for the hint about the ffsend flag! 👍
from send.
Even if you self-host, it still breaks end-to-end encryption. But yes that may be a risk you can accept.
How do you imagine this feature to look like? A shorten button when a file is uploaded, or shorten all share URLs by default based on a configuration property? I assume you'd like to see this for a self hosted Send instance as well.
from send.
Since it would just redirect to the original URL wouldn't it work just like it did before?
That would probably be the easiest option, after you're presented with the link adding an additional button to shorten it through the link shortener. And then you're presented with the shortened version below.
The link shortener then manages the redirection and the original send link stays the same.
In this case it won't break the original url with the decryption key and the shortened version still would be quite difficult to guess since this and most other link shortener services are case sensitive.
from send.
See this as an example:
https://link.*****.ch/MA6X
I manually shortened it after I got the original send link.
from send.
Oh yes, this is definitely something that works. I meant to say that this breaks end-to-end encryption from a security standpoint.
To better describe why this is the case: You want the uploading and the downloading user to be an 'end', with no possibility for a third party in between to read your files. When using a link shortener, the shortener gets to know the secret key, essentially breaking this concept. Yet again, even though this breaks end-to-end encryption from a security standpoint, it does still work and it might be a risk you can accept.
In any case, I'd be fine with it to get it implemented behind a configuration property. I'm quite busy the upcoming weeks though, so I'm not sure when I have time to implement this. You mentioned that you don't have much programming experience, feel free to give implementing part of it a try and ask for help here. If there's anybody else who'd like to give it a go, please do!
from send.
I've added an implementation issue for this over on GitLab: https://gitlab.com/timvisee/send/-/issues/21
from send.
The encryption key is stored in the share URL. When shortening the URL, you're giving the secret key to the link shortener which is not desirable.
Would this still be still be an issue if putting a password on the send?
from send.
Related Issues (20)
- Fix code scanning alert - Missing rate limiting
- Fix code scanning alert - Incomplete multi-character sanitization
- [GUIDE] What to do if you want to host Send with local database using docker compose on arm64 and nothing works HOT 1
- Total max file size of an instance HOT 2
- Transfer speed drops considerably as soon as the tab is not active HOT 3
- SSO or LDAP auth
- Fix permission on upload folder in docker HOT 2
- Anyone figured out a way to force dark mode? HOT 4
- Any way to make the upload accessible only for internal users and download for external? HOT 2
- If you click the logo then you're redirected to the homepage. How can I turn this off? HOT 2
- Logo reverse back after npm run build
- Error with redirection because of the # in the last part of the link url
- Add `unlimited` as an option for max downloads when sharing a file
- Uploading a folder not working HOT 2
- CUSTOM_DESCRIPTION does not seem to work
- Using send with password behind apache reverse proxy failed HOT 2
- Uploads fail after Send has been running for a extended period fo time HOT 1
- Can`t install Send
- Is it possible to recover an expired link data? HOT 1
- customizing the text under Simple, private file sharing HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from send.