@monkz commented on GitHub:
And if you return two urls - it would break the current API.
@pepa65 commented on GitHub:
Great idea, but definitely prefer the first form:
https://transfer.sh/<random_code>/<filename>
https://transfer.sh/delete/<another_very_different_random_code>/<…
@monkz commented on GitHub:
An attacker has access to multiple IP addresses and introducing ratelimits is the same as introducing a denial-of-service attack vector. @ribamar-santarosa : so your…
@ribamar-santarosa commented on GitHub:
how did you get to that conclusion? how can they take advantage of having multiple IPs to change or fake the IP of the creation of the file? And how about…
@monkz commented on GitHub:
I would opt for the first as default, and the second may be returned if /json is at the end of the url.
This would be analog to the "Scan for malware"-example.
Bu…
@ribamar-santarosa commented on GitHub:
Can't you use the creation time (or another file attribute, or another creation attribute, like IP of upload ) as a simple pin code to delete the file? 3…
@macblazer commented on GitHub:
I've generated an appropriate CSV file from the data in the CC GPOS Control Mappings.pdf at the above link. Running the scripts/generate_mapping.py on it…
@robertgendler commented on GitHub:
Closing issue. Without an owner of the baseline, we won't be implementing this.
@Anachron commented on GitHub:
@monkz why not let the user specify a deletion secret himself (which is optional) and can be passed as POST param?
@monkz commented on GitHub:
@Anachron: interesting approach - making the API enhancement optional! I was total fix on default API behaviour - my bad.
We've already parameters for max downloads…
@Anachron commented on GitHub:
I mostly use transfer.sh to upload logs/config files to share them temporarly. (like for debugging or help a user out)
Now I was thinking about generating a…
@paolafrancesca commented on GitHub:
@Anachron I'm indeed now an admin of the repo. I want to understand what's the needing behind the option to delete a file: I can see two:
- purge storage…
@nl5887 commented on GitHub:
I have thought before about this issue, and thought about returning an extra X-Url-Delete header, which would not interfere with current api / scripts and could be…
@pepa65 commented on GitHub:
Using the Max-Days header is a good idea. But sometimes if you change your mind, it is good to have the option to delete a file (in a way that others can't delete…