diff options
| author | jvoisin | 2019-02-22 21:20:51 +0100 |
|---|---|---|
| committer | jvoisin | 2019-02-22 21:20:51 +0100 |
| commit | f436da05399199af59ff074e3450c584f35aa7e0 (patch) | |
| tree | 18415ec1f4c05bfdcb4cf2755b969f40df25974f /README.md | |
| parent | aee0940b511486b35ef2c2d0607f4cd2c0b50f23 (diff) | |
Add a small threat model
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 10 |
1 files changed, 10 insertions, 0 deletions
| @@ -93,6 +93,16 @@ systemctl restart nginx/apache/… | |||
| 93 | 93 | ||
| 94 | It should now be working. | 94 | It should now be working. |
| 95 | 95 | ||
| 96 | # Threat model | ||
| 97 | |||
| 98 | - An attacker in possession of the very same file that a user wants to clean, | ||
| 99 | along with its names, can perform a denial of service by continually | ||
| 100 | requesting this file, and getting it before the user. | ||
| 101 | - An attacker in possession of only the name of a file that a user wants to | ||
| 102 | clean can't perform a denial of service attack, since the path to download | ||
| 103 | the cleaned file is not only dependant of the name, but also the content. | ||
| 104 | - The server should do its very best to delete files as soon as possible. | ||
| 105 | |||
| 96 | # Licenses | 106 | # Licenses |
| 97 | 107 | ||
| 98 | - mat2-web is under MIT | 108 | - mat2-web is under MIT |