From fac423f0b8a8ce2f3eb38b19d5a00e8ed973cfb2 Mon Sep 17 00:00:00 2001 From: Thomas Voss Date: Sun, 23 Jan 2022 19:22:18 +0100 Subject: Add the AUTHORS and SECURITY sections --- mpaste.1 | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/mpaste.1 b/mpaste.1 index 0d63739..a984338 100644 --- a/mpaste.1 +++ b/mpaste.1 @@ -1,7 +1,7 @@ .\" vi: tw=100 .Dd 23 January, 2022 .Dt MPASTE 1 -.Os POSIX +.Os \*(Px .Sh NAME .Nm mpaste .Nd a simple and minimal paste server @@ -145,4 +145,24 @@ If not set, anyone will be able to POST their pastes to the server. .Sh EXIT STATUS .Ex -std .Sh SEE ALSO -.Xr curl 1 +.Xr curl 1 , +.Xr nginx 1 +.Sh AUTHORS +.An Thomas Voss Aq Mt thomasvoss@live.com +.Sh SECURITY CONSIDERATIONS +If deployed on a public network +.Pq or even on a private one +you should take the following +.Pq non-exhaustive +list of scenarios into consideration: +.Bl -dash +.It +Users uploading exessively large files. You can consider using tools such as +.Xr nginx 1 +to control the maximum allowed file upload size. +.It +Users uploading exessively many files. +.It +Users uploading non-plaintext files. On certain browsers this may prompt a user to download the +hosted content, which is a potential attack vector. +.El -- cgit v1.2.3