aboutsummaryrefslogtreecommitdiffhomepage
path: root/doc/Security.html
diff options
context:
space:
mode:
Diffstat (limited to 'doc/Security.html')
-rw-r--r--doc/Security.html62
1 files changed, 44 insertions, 18 deletions
diff --git a/doc/Security.html b/doc/Security.html
index 914fa507..b1969a4c 100644
--- a/doc/Security.html
+++ b/doc/Security.html
@@ -4,31 +4,49 @@
4 <meta charset="utf-8"> 4 <meta charset="utf-8">
5 <meta name="generator" content="pandoc"> 5 <meta name="generator" content="pandoc">
6 <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes"> 6 <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes">
7 <title>Shaarli - Security</title> 7 <title>Shaarli Security</title>
8 <style type="text/css">code{white-space: pre;}</style> 8 <style type="text/css">code{white-space: pre;}</style>
9 <!--[if lt IE 9]>
10 <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
11 <![endif]-->
12 <style type="text/css"> 9 <style type="text/css">
10div.sourceCode { overflow-x: auto; }
13table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode { 11table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
14 margin: 0; padding: 0; vertical-align: baseline; border: none; } 12 margin: 0; padding: 0; vertical-align: baseline; border: none; }
15table.sourceCode { width: 100%; line-height: 100%; } 13table.sourceCode { width: 100%; line-height: 100%; }
16td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; } 14td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
17td.sourceCode { padding-left: 5px; } 15td.sourceCode { padding-left: 5px; }
18code > span.kw { color: #007020; font-weight: bold; } 16code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
19code > span.dt { color: #902000; } 17code > span.dt { color: #902000; } /* DataType */
20code > span.dv { color: #40a070; } 18code > span.dv { color: #40a070; } /* DecVal */
21code > span.bn { color: #40a070; } 19code > span.bn { color: #40a070; } /* BaseN */
22code > span.fl { color: #40a070; } 20code > span.fl { color: #40a070; } /* Float */
23code > span.ch { color: #4070a0; } 21code > span.ch { color: #4070a0; } /* Char */
24code > span.st { color: #4070a0; } 22code > span.st { color: #4070a0; } /* String */
25code > span.co { color: #60a0b0; font-style: italic; } 23code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
26code > span.ot { color: #007020; } 24code > span.ot { color: #007020; } /* Other */
27code > span.al { color: #ff0000; font-weight: bold; } 25code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
28code > span.fu { color: #06287e; } 26code > span.fu { color: #06287e; } /* Function */
29code > span.er { color: #ff0000; font-weight: bold; } 27code > span.er { color: #ff0000; font-weight: bold; } /* Error */
28code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
29code > span.cn { color: #880000; } /* Constant */
30code > span.sc { color: #4070a0; } /* SpecialChar */
31code > span.vs { color: #4070a0; } /* VerbatimString */
32code > span.ss { color: #bb6688; } /* SpecialString */
33code > span.im { } /* Import */
34code > span.va { color: #19177c; } /* Variable */
35code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
36code > span.op { color: #666666; } /* Operator */
37code > span.bu { } /* BuiltIn */
38code > span.ex { } /* Extension */
39code > span.pp { color: #bc7a00; } /* Preprocessor */
40code > span.at { color: #7d9029; } /* Attribute */
41code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
42code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
43code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
44code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
30 </style> 45 </style>
31 <link rel="stylesheet" href="github-markdown.css"> 46 <link rel="stylesheet" href="github-markdown.css">
47 <!--[if lt IE 9]>
48 <script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv-printshiv.min.js"></script>
49 <![endif]-->
32</head> 50</head>
33<body> 51<body>
34<div id="local-sidebar"> 52<div id="local-sidebar">
@@ -39,18 +57,25 @@ code > span.er { color: #ff0000; font-weight: bold; }
39<li><a href="Download.html">Download</a></li> 57<li><a href="Download.html">Download</a></li>
40<li><a href="Server-requirements.html">Server requirements</a></li> 58<li><a href="Server-requirements.html">Server requirements</a></li>
41<li><a href="Server-configuration.html">Server configuration</a></li> 59<li><a href="Server-configuration.html">Server configuration</a></li>
60<li><a href="Server-security.html">Server security</a></li>
61<li><a href="Shaarli-installation.html">Shaarli installation</a></li>
42<li><a href="Shaarli-configuration.html">Shaarli configuration</a></li> 62<li><a href="Shaarli-configuration.html">Shaarli configuration</a></li>
63<li><a href="Plugins.html">Plugins</a></li>
43</ul></li> 64</ul></li>
65<li><a href="Docker.html">Docker</a></li>
44<li><a href="Usage.html">Usage</a> 66<li><a href="Usage.html">Usage</a>
45<ul> 67<ul>
46<li><a href="Sharing-button.html">Sharing button</a> (bookmarklet)</li> 68<li><a href="Sharing-button.html">Sharing button</a> (bookmarklet)</li>
69<li><a href="Browsing-and-Searching.html">Browsing and Searching</a></li>
47<li><a href="Firefox-share.html">Firefox share</a></li> 70<li><a href="Firefox-share.html">Firefox share</a></li>
48<li><a href="RSS-feeds.html">RSS feeds</a></li> 71<li><a href="RSS-feeds.html">RSS feeds</a></li>
49</ul></li> 72</ul></li>
50<li>How To 73<li>How To
51<ul> 74<ul>
52<li><a href="Backup,-restore,-import-and-export.html">Backup, restore, import and export</a></li> 75<li><a href="Backup,-restore,-import-and-export.html">Backup, restore, import and export</a></li>
76<li><a href="Upgrade-from-original-sebsauvage/Shaarli.html">Upgrade from original sebsauvage/Shaarli</a></li>
53<li><a href="Copy-an-existing-installation-over-SSH-and-serve-it-locally.html">Copy an existing installation over SSH and serve it locally</a></li> 77<li><a href="Copy-an-existing-installation-over-SSH-and-serve-it-locally.html">Copy an existing installation over SSH and serve it locally</a></li>
78<li><a href="Create-and-serve-multiple-Shaarlis-(farm).html">Create and serve multiple Shaarlis (farm)</a></li>
54<li><a href="Download-CSS-styles-from-an-OPML-list.html">Download CSS styles from an OPML list</a></li> 79<li><a href="Download-CSS-styles-from-an-OPML-list.html">Download CSS styles from an OPML list</a></li>
55<li><a href="Datastore-hacks.html">Datastore hacks</a></li> 80<li><a href="Datastore-hacks.html">Datastore hacks</a></li>
56</ul></li> 81</ul></li>
@@ -62,6 +87,7 @@ code > span.er { color: #ff0000; font-weight: bold; }
62<li><a href="Directory-structure.html">Directory structure</a></li> 87<li><a href="Directory-structure.html">Directory structure</a></li>
63<li><a href="3rd-party-libraries.html">3rd party libraries</a></li> 88<li><a href="3rd-party-libraries.html">3rd party libraries</a></li>
64<li><a href="Plugin-System.html">Plugin System</a></li> 89<li><a href="Plugin-System.html">Plugin System</a></li>
90<li><a href="Release-Shaarli.html">Release Shaarli</a></li>
65<li><a href="Security.html">Security</a></li> 91<li><a href="Security.html">Security</a></li>
66<li><a href="Static-analysis.html">Static analysis</a></li> 92<li><a href="Static-analysis.html">Static analysis</a></li>
67<li><a href="Theming.html">Theming</a></li> 93<li><a href="Theming.html">Theming</a></li>
@@ -101,8 +127,8 @@ code > span.er { color: #ff0000; font-weight: bold; }
101<li>Links are stored as an associative array which is serialized, compressed (with deflate), base64-encoded and saved as a comment in a <code>.php</code> file.</li> 127<li>Links are stored as an associative array which is serialized, compressed (with deflate), base64-encoded and saved as a comment in a <code>.php</code> file.</li>
102<li>Even if the server does not support <code>.htaccess</code> files, the data file will still not be readable by URL.</li> 128<li>Even if the server does not support <code>.htaccess</code> files, the data file will still not be readable by URL.</li>
103<li><p>The database looks like this:</p> 129<li><p>The database looks like this:</p>
104<pre class="sourceCode php"><code class="sourceCode php"><span class="kw">&lt;?php</span> <span class="co">/* zP1ZjxxJtiYIvvevEPJ2lDOaLrZv7o...</span> 130<div class="sourceCode"><pre class="sourceCode php"><code class="sourceCode php"><span class="kw">&lt;?php</span> <span class="co">/* zP1ZjxxJtiYIvvevEPJ2lDOaLrZv7o...</span>
105<span class="co">...ka7gaco/Z+TFXM2i7BlfMf8qxpaSSYfKlvqv/x8= */</span> <span class="kw">?&gt;</span></code></pre></li> 131<span class="co">...ka7gaco/Z+TFXM2i7BlfMf8qxpaSSYfKlvqv/x8= */</span> <span class="kw">?&gt;</span></code></pre></div></li>
106<li><p>Small hashes are used to make a link to an entry in Shaarli. They are unique. In fact, the date of the items (eg. <code>20110923_150523</code>) is hashed with CRC32, then converted to base64 and some characters are replaced. They are always 6 characters longs and use only <code>A-Z a-z 0-9 - _</code> and <code>@</code>.</p></li> 132<li><p>Small hashes are used to make a link to an entry in Shaarli. They are unique. In fact, the date of the items (eg. <code>20110923_150523</code>) is hashed with CRC32, then converted to base64 and some characters are replaced. They are always 6 characters longs and use only <code>A-Z a-z 0-9 - _</code> and <code>@</code>.</p></li>
107</ul> 133</ul>
108</body> 134</body>