New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add a recipient metadata/field for additional authentication via reverse-proxy #1096
Comments
Thank you for sharing your work. I'm always happy to hear that this tool gets real-world use and to hear about usage scenarios that I hadn't considered before. Q: Is there a plugin system in PrivateBin? Q: What do you think of such feature?
As such, I could see this being integrated into the main project, as an optional feature that requires extra configuration steps in the webserver to make use of. These extra steps should be described on a dedicated document, for example a wiki page mirroring the Restrict upload using NGINX one. What do other folks think about adding this feature? What risks would this introduce, apart from increasing complexity? |
Thanks for this feedback, it started as a hack idea I thought would be simple ("Just a simple field and an I opted for unencrypted (clear on server's disk) but secured (cannot be altered without breaking the authenticity of the paste) I also did not bother to update the test suite because I wasn't still sure how the hack would be accepted (but I took a look at it and it seemed doable). You are right about the generic "recipient" field: Because it depends on third-party authentication it can be anything (user name, e-mail address, group name, etc.). Depending on an external auth is the thing I was the more afraid of (for public acceptance of this hack) because it seemed a niche use-case (very few PrivateBin alternative have an user management system: I've tested some before opting for PrivateBin as a base for my hack). In the end, the field can be seen as an "optional external authorizator": PrivateBin delegates access verification to an external system. |
I think this is useless and also goes against the project's principle of "knowing" something about the stored data, the sender and the recipient (not considering cases where local law requires logging). |
I did not have a look into the code base, but from what I say: Hmm, how?
I am not strictly opposed here, but yeah it alters one of the fundamental "principles" of PrivateBin (we never really documented that though?). But compared to all that Google Cloud Storage support etc. this change really looks soo small, so that may sound like a good idea. Also I could imagine this being helpful for requests like this: #1132 Code stuffThis is not supposed to be a code review, but some things:
|
For an internal use case I need to add a "recipient" metadata to pastes.
The goal was to:
(for about 150 non-tech users)
So I have made a small hack on a fork: https://github.com/C-Duv/PrivateBin/tree/feat/add_recipient_to_documents
It adds a recipient metadata in
adata
(at index4
) and the corresponding text field on the web GUI.If set, the instance checks if recipient matches when displaying the paste.
It works as follows:
(If no recipient is set, the behavior of the application is unchanged: like if my changes don't exist)
.htpasswd
, OpenID Connect SSO, LDAP, whatever, …)So, the "recipient" value is dependent on the authentication system used.
What do you think of such feature? How could it be more nicely integrated into PrivateBin? Using a plugin (is there even a plugin system)?
The text was updated successfully, but these errors were encountered: