Here are a list of welcome changes to [Coquelicot]:
* Implement optional client-side encryption
Using the new HTML 5FileAPI, encryption and decryption of the files
could be performed client side instead of server side. See
the [up-crypt] proof of concept from hellais on how this could be done.
* More flexible expiration
It might be interesting to also offer a calendar for specifying
an exact date after which the file will be unavailable.
* Hide file size (padding)
There is currently a real close mapping from original file size to
stored file size. Original file size will also be recorded in server
logs. Padding could be used to improve this situation.
* Investigate more secure encryption algorithm
Coquelicot currently uses AES-256-CBC. [AES is getting weaker] and
[CBC mode is subject to Padding Oracle attacks].
* Make a usable Gem
Most Ruby stuff is installed using Gem, so Coquelicot should also be
installable that way. What is mostly missing is an easy way to create
a default configuration and directories to hold uploaded files and
* Better support consecutive uploads
Previous settings are lost when uploading several files in a row. This
is clearly suboptimal user experience.
[AES is getting weaker]: https://www.schneier.com/blog/archives/2009/07/another_new_aes.html
[CBC mode is subject to Padding Oracle attacks]: http://www.limited-entropy.com/padding-oracle-attacks