File: TODO

coquelicot 0.9.6-1.1
  • area: main
  • in suites: sid
  • size: 1,152 kB
  • sloc: ruby: 4,327; sh: 70; makefile: 69
file content (43 lines) | stat: -rw-r--r-- 1,592 bytes
Future plans
============

Here is a list of welcome changes to [Coquelicot]:

 * Implement optional client-side encryption

   Using the new HTML5 File API, encryption and decryption of the files
   could be performed client side instead of server side. See
   the [up-crypt] proof of concept from hellais on how this could be done.

 * More flexible expiration

   It might be interesting to also offer a calendar for specifying
   an exact date after which the file will be unavailable.

 * Hide file size (padding)

   There is currently a very close mapping from original file size to
   stored file size. Original file size will also be recorded in server
   logs. Padding could be used to improve this situation.

 * Investigate a more secure encryption algorithm

   Coquelicot currently uses AES-256-CBC. [AES is getting weaker] and
   [CBC mode is subject to Padding Oracle attacks].

 * Make a usable Gem

   Most Ruby stuff is installed using Gem, so Coquelicot should also be
   installable that way. What is mostly missing is an easy way to create
   a default configuration and directories to hold uploaded files and
   temp. data.

 * Better support consecutive uploads

   Previous settings are lost when uploading several files in a row. This
   is clearly a suboptimal user experience.
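
The concern behind the "more secure encryption algorithm" item, as an added example (not Coquelicot's code): AES-256-CBC on its own accepts a stored blob that has been modified, while an authenticated mode rejects it. AES-256-GCM is used here as one such mode and is not named by this TODO; the blob layouts and helper names are assumptions made for the example.

```ruby
require 'openssl'

# Assumed blob layouts (not Coquelicot's on-disk format):
#   CBC: iv(16) || ciphertext    GCM: iv(12) || tag(16) || ciphertext
def cbc_encrypt(key, plaintext)
  c = OpenSSL::Cipher.new('aes-256-cbc').encrypt
  c.key = key
  iv = c.random_iv
  iv + c.update(plaintext) + c.final
end

# Unauthenticated: only malformed PKCS#7 padding raises CipherError.
def cbc_decrypt(key, blob)
  c = OpenSSL::Cipher.new('aes-256-cbc').decrypt
  c.key = key
  c.iv = blob[0, 16]
  c.update(blob[16..-1]) + c.final
end

def gcm_encrypt(key, plaintext)
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = key
  iv = c.random_iv
  c.auth_data = ''               # no associated data in this sketch
  ct = c.update(plaintext) + c.final
  iv + c.auth_tag + ct
end

# Authenticated: final raises CipherError unless the tag verifies.
def gcm_decrypt(key, blob)
  c = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  c.key = key
  c.iv = blob[0, 12]
  c.auth_tag = blob[12, 16]
  c.auth_data = ''
  c.update(blob[28..-1]) + c.final
end

# Flip one bit of a stored blob, as corruption or tampering at rest would.
def flip_bit(blob, index)
  blob.dup.tap { |b| b.setbyte(index, b.getbyte(index) ^ 1) }
end

# :intact, :altered (accepted with changed content) or :rejected
def verdict(original, key, blob, decryptor)
  send(decryptor, key, blob).b == original.b ? :intact : :altered
rescue OpenSSL::Cipher::CipherError
  :rejected
end
```

With GCM, bytes returned by `update` are unverified until `final` succeeds, so a streaming download must not treat them as trusted before that point.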

[up-crypt]: https://github.com/hellais/up-crypt
[Coquelicot]: https://coquelicot.potager.org/
[AES is getting weaker]: https://www.schneier.com/blog/archives/2009/07/another_new_aes.html
[CBC mode is subject to Padding Oracle attacks]: http://www.limited-entropy.com/padding-oracle-attacks