aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorThomas Voss <mail@thomasvoss.com> 2022-01-23 19:22:18 +0100
committerThomas Voss <mail@thomasvoss.com> 2022-01-23 19:22:18 +0100
commitfac423f0b8a8ce2f3eb38b19d5a00e8ed973cfb2 (patch)
tree329159e96bb6d157c222fc750cf30a48b1789673
parenteafc19c316c736ead034500c7297c97b1e95805c (diff)
Add the AUTHORS and SECURITY sections
-rw-r--r--mpaste.124
1 files changed, 22 insertions, 2 deletions
diff --git a/mpaste.1 b/mpaste.1
index 0d63739..a984338 100644
--- a/mpaste.1
+++ b/mpaste.1
@@ -1,7 +1,7 @@
.\" vi: tw=100
.Dd 23 January, 2022
.Dt MPASTE 1
-.Os POSIX
+.Os \*(Px
.Sh NAME
.Nm mpaste
.Nd a simple and minimal paste server
@@ -145,4 +145,24 @@ If not set, anyone will be able to POST their pastes to the server.
.Sh EXIT STATUS
.Ex -std
.Sh SEE ALSO
-.Xr curl 1
+.Xr curl 1 ,
+.Xr nginx 1
+.Sh AUTHORS
+.An Thomas Voss Aq Mt thomasvoss@live.com
+.Sh SECURITY CONSIDERATIONS
+If deployed on a public network
+.Pq or even on a private one
+you should take the following
+.Pq non-exhaustive
+list of scenarios into consideration:
+.Bl -dash
+.It
+Users uploading exessively large files. You can consider using tools such as
+.Xr nginx 1
+to control the maximum allowed file upload size.
+.It
+Users uploading exessively many files.
+.It
+Users uploading non-plaintext files. On certain browsers this may prompt a user to download the
+hosted content, which is a potential attack vector.
+.El