Add the AUTHORS and SECURITY sections

author: Thomas Voss <mail@thomasvoss.com> 2022-01-23 19:22:18 +0100
committer: Thomas Voss <mail@thomasvoss.com> 2022-01-23 19:22:18 +0100
commit: fac423f0b8a8ce2f3eb38b19d5a00e8ed973cfb2 (patch)
tree: 329159e96bb6d157c222fc750cf30a48b1789673 /mpaste.1
parent: eafc19c316c736ead034500c7297c97b1e95805c (diff)
1 files changed, 22 insertions, 2 deletions
diff --git a/mpaste.1 b/mpaste.1
index 0d63739..a984338 100644
--- a/mpaste.1
+++ b/mpaste.1
@@ -1,7 +1,7 @@
 .\" vi: tw=100
 .Dd 23 January, 2022
 .Dt MPASTE 1
-.Os POSIX
+.Os \*(Px
 .Sh NAME
 .Nm mpaste
 .Nd a simple and minimal paste server
@@ -145,4 +145,24 @@ If not set, anyone will be able to POST their pastes to the server.
 .Sh EXIT STATUS
 .Ex -std
 .Sh SEE ALSO
-.Xr curl 1
+.Xr curl 1 ,
+.Xr nginx 1
+.Sh AUTHORS
+.An Thomas Voss Aq Mt thomasvoss@live.com
+.Sh SECURITY CONSIDERATIONS
+If deployed on a public network
+.Pq or even on a private one
+you should take the following
+.Pq non-exhaustive
+list of scenarios into consideration:
+.Bl -dash
+.It
+Users uploading exessively large files. You can consider using tools such as
+.Xr nginx 1
+to control the maximum allowed file upload size.
+.It
+Users uploading exessively many files.
+.It
+Users uploading non-plaintext files. On certain browsers this may prompt a user to download the
+hosted content, which is a potential attack vector.
+.El
author	Thomas Voss <mail@thomasvoss.com>	2022-01-23 19:22:18 +0100
committer	Thomas Voss <mail@thomasvoss.com>	2022-01-23 19:22:18 +0100
commit	fac423f0b8a8ce2f3eb38b19d5a00e8ed973cfb2 (patch)
tree	329159e96bb6d157c222fc750cf30a48b1789673 /mpaste.1
parent	eafc19c316c736ead034500c7297c97b1e95805c (diff)