Diffstat (limited to 'doc/Security.html')
-rw-r--r-- | doc/Security.html | 62 |
1 files changed, 44 insertions, 18 deletions
diff --git a/doc/Security.html b/doc/Security.html index 914fa507..b1969a4c 100644 --- a/doc/Security.html +++ b/doc/Security.html | |||
@@ -4,31 +4,49 @@ | |||
4 | <meta charset="utf-8"> | 4 | <meta charset="utf-8"> |
5 | <meta name="generator" content="pandoc"> | 5 | <meta name="generator" content="pandoc"> |
6 | <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes"> | 6 | <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes"> |
7 | <title>Shaarli - Security</title> | 7 | <title>Shaarli – Security</title> |
8 | <style type="text/css">code{white-space: pre;}</style> | 8 | <style type="text/css">code{white-space: pre;}</style> |
9 | <!--[if lt IE 9]> | ||
10 | <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script> | ||
11 | <![endif]--> | ||
12 | <style type="text/css"> | 9 | <style type="text/css"> |
10 | div.sourceCode { overflow-x: auto; } | ||
13 | table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode { | 11 | table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode { |
14 | margin: 0; padding: 0; vertical-align: baseline; border: none; } | 12 | margin: 0; padding: 0; vertical-align: baseline; border: none; } |
15 | table.sourceCode { width: 100%; line-height: 100%; } | 13 | table.sourceCode { width: 100%; line-height: 100%; } |
16 | td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; } | 14 | td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; } |
17 | td.sourceCode { padding-left: 5px; } | 15 | td.sourceCode { padding-left: 5px; } |
18 | code > span.kw { color: #007020; font-weight: bold; } | 16 | code > span.kw { color: #007020; font-weight: bold; } /* Keyword */ |
19 | code > span.dt { color: #902000; } | 17 | code > span.dt { color: #902000; } /* DataType */ |
20 | code > span.dv { color: #40a070; } | 18 | code > span.dv { color: #40a070; } /* DecVal */ |
21 | code > span.bn { color: #40a070; } | 19 | code > span.bn { color: #40a070; } /* BaseN */ |
22 | code > span.fl { color: #40a070; } | 20 | code > span.fl { color: #40a070; } /* Float */ |
23 | code > span.ch { color: #4070a0; } | 21 | code > span.ch { color: #4070a0; } /* Char */ |
24 | code > span.st { color: #4070a0; } | 22 | code > span.st { color: #4070a0; } /* String */ |
25 | code > span.co { color: #60a0b0; font-style: italic; } | 23 | code > span.co { color: #60a0b0; font-style: italic; } /* Comment */ |
26 | code > span.ot { color: #007020; } | 24 | code > span.ot { color: #007020; } /* Other */ |
27 | code > span.al { color: #ff0000; font-weight: bold; } | 25 | code > span.al { color: #ff0000; font-weight: bold; } /* Alert */ |
28 | code > span.fu { color: #06287e; } | 26 | code > span.fu { color: #06287e; } /* Function */ |
29 | code > span.er { color: #ff0000; font-weight: bold; } | 27 | code > span.er { color: #ff0000; font-weight: bold; } /* Error */ |
28 | code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */ | ||
29 | code > span.cn { color: #880000; } /* Constant */ | ||
30 | code > span.sc { color: #4070a0; } /* SpecialChar */ | ||
31 | code > span.vs { color: #4070a0; } /* VerbatimString */ | ||
32 | code > span.ss { color: #bb6688; } /* SpecialString */ | ||
33 | code > span.im { } /* Import */ | ||
34 | code > span.va { color: #19177c; } /* Variable */ | ||
35 | code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */ | ||
36 | code > span.op { color: #666666; } /* Operator */ | ||
37 | code > span.bu { } /* BuiltIn */ | ||
38 | code > span.ex { } /* Extension */ | ||
39 | code > span.pp { color: #bc7a00; } /* Preprocessor */ | ||
40 | code > span.at { color: #7d9029; } /* Attribute */ | ||
41 | code > span.do { color: #ba2121; font-style: italic; } /* Documentation */ | ||
42 | code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */ | ||
43 | code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */ | ||
44 | code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */ | ||
30 | </style> | 45 | </style> |
31 | <link rel="stylesheet" href="github-markdown.css"> | 46 | <link rel="stylesheet" href="github-markdown.css"> |
47 | <!--[if lt IE 9]> | ||
48 | <script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv-printshiv.min.js"></script> | ||
49 | <![endif]--> | ||
32 | </head> | 50 | </head> |
33 | <body> | 51 | <body> |
34 | <div id="local-sidebar"> | 52 | <div id="local-sidebar"> |
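Review bot: the replacement shim at new lines 47-49 is loaded through a protocol-relative URL, `//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv-printshiv.min.js`, so its scheme follows whatever the page was loaded with. Opened from a local checkout of `doc/`, the URL resolves against `file:` and the script never loads; served over plain HTTP, the script is fetched from a third party in cleartext. Suggest an explicit `https://` URL, or shipping the shim in `doc/` next to `github-markdown.css` so the documentation has no external script dependency. The `generator` meta shows this head is pandoc output, so the change belongs in the template rather than in this file.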
@@ -39,18 +57,25 @@ code > span.er { color: #ff0000; font-weight: bold; } | |||
39 | <li><a href="Download.html">Download</a></li> | 57 | <li><a href="Download.html">Download</a></li> |
40 | <li><a href="Server-requirements.html">Server requirements</a></li> | 58 | <li><a href="Server-requirements.html">Server requirements</a></li> |
41 | <li><a href="Server-configuration.html">Server configuration</a></li> | 59 | <li><a href="Server-configuration.html">Server configuration</a></li> |
60 | <li><a href="Server-security.html">Server security</a></li> | ||
61 | <li><a href="Shaarli-installation.html">Shaarli installation</a></li> | ||
42 | <li><a href="Shaarli-configuration.html">Shaarli configuration</a></li> | 62 | <li><a href="Shaarli-configuration.html">Shaarli configuration</a></li> |
63 | <li><a href="Plugins.html">Plugins</a></li> | ||
43 | </ul></li> | 64 | </ul></li> |
65 | <li><a href="Docker.html">Docker</a></li> | ||
44 | <li><a href="Usage.html">Usage</a> | 66 | <li><a href="Usage.html">Usage</a> |
45 | <ul> | 67 | <ul> |
46 | <li><a href="Sharing-button.html">Sharing button</a> (bookmarklet)</li> | 68 | <li><a href="Sharing-button.html">Sharing button</a> (bookmarklet)</li> |
69 | <li><a href="Browsing-and-Searching.html">Browsing and Searching</a></li> | ||
47 | <li><a href="Firefox-share.html">Firefox share</a></li> | 70 | <li><a href="Firefox-share.html">Firefox share</a></li> |
48 | <li><a href="RSS-feeds.html">RSS feeds</a></li> | 71 | <li><a href="RSS-feeds.html">RSS feeds</a></li> |
49 | </ul></li> | 72 | </ul></li> |
50 | <li>How To | 73 | <li>How To |
51 | <ul> | 74 | <ul> |
52 | <li><a href="Backup,-restore,-import-and-export.html">Backup, restore, import and export</a></li> | 75 | <li><a href="Backup,-restore,-import-and-export.html">Backup, restore, import and export</a></li> |
76 | <li><a href="Upgrade-from-original-sebsauvage/Shaarli.html">Upgrade from original sebsauvage/Shaarli</a></li> | ||
53 | <li><a href="Copy-an-existing-installation-over-SSH-and-serve-it-locally.html">Copy an existing installation over SSH and serve it locally</a></li> | 77 | <li><a href="Copy-an-existing-installation-over-SSH-and-serve-it-locally.html">Copy an existing installation over SSH and serve it locally</a></li> |
78 | <li><a href="Create-and-serve-multiple-Shaarlis-(farm).html">Create and serve multiple Shaarlis (farm)</a></li> | ||
54 | <li><a href="Download-CSS-styles-from-an-OPML-list.html">Download CSS styles from an OPML list</a></li> | 79 | <li><a href="Download-CSS-styles-from-an-OPML-list.html">Download CSS styles from an OPML list</a></li> |
55 | <li><a href="Datastore-hacks.html">Datastore hacks</a></li> | 80 | <li><a href="Datastore-hacks.html">Datastore hacks</a></li> |
56 | </ul></li> | 81 | </ul></li> |
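Review bot: the new sidebar entry at line 76, `href="Upgrade-from-original-sebsauvage/Shaarli.html"`, contains a `/`, so a browser resolves it to a file `Shaarli.html` inside a directory `Upgrade-from-original-sebsauvage/`, while every other link in this list points at a flat file beside the page. Unless the doc build also creates that directory, the link is dead. Suggest flattening the slash from the page title when generating the file name, and checking that each newly added target in this hunk exists in `doc/`.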
@@ -62,6 +87,7 @@ code > span.er { color: #ff0000; font-weight: bold; } | |||
62 | <li><a href="Directory-structure.html">Directory structure</a></li> | 87 | <li><a href="Directory-structure.html">Directory structure</a></li> |
63 | <li><a href="3rd-party-libraries.html">3rd party libraries</a></li> | 88 | <li><a href="3rd-party-libraries.html">3rd party libraries</a></li> |
64 | <li><a href="Plugin-System.html">Plugin System</a></li> | 89 | <li><a href="Plugin-System.html">Plugin System</a></li> |
90 | <li><a href="Release-Shaarli.html">Release Shaarli</a></li> | ||
65 | <li><a href="Security.html">Security</a></li> | 91 | <li><a href="Security.html">Security</a></li> |
66 | <li><a href="Static-analysis.html">Static analysis</a></li> | 92 | <li><a href="Static-analysis.html">Static analysis</a></li> |
67 | <li><a href="Theming.html">Theming</a></li> | 93 | <li><a href="Theming.html">Theming</a></li> |
@@ -101,8 +127,8 @@ code > span.er { color: #ff0000; font-weight: bold; } | |||
101 | <li>Links are stored as an associative array which is serialized, compressed (with deflate), base64-encoded and saved as a comment in a <code>.php</code> file.</li> | 127 | <li>Links are stored as an associative array which is serialized, compressed (with deflate), base64-encoded and saved as a comment in a <code>.php</code> file.</li> |
102 | <li>Even if the server does not support <code>.htaccess</code> files, the data file will still not be readable by URL.</li> | 128 | <li>Even if the server does not support <code>.htaccess</code> files, the data file will still not be readable by URL.</li> |
103 | <li><p>The database looks like this:</p> | 129 | <li><p>The database looks like this:</p> |
104 | <pre class="sourceCode php"><code class="sourceCode php"><span class="kw"><?php</span> <span class="co">/* zP1ZjxxJtiYIvvevEPJ2lDOaLrZv7o...</span> | 130 | <div class="sourceCode"><pre class="sourceCode php"><code class="sourceCode php"><span class="kw"><?php</span> <span class="co">/* zP1ZjxxJtiYIvvevEPJ2lDOaLrZv7o...</span> |
105 | <span class="co">...ka7gaco/Z+TFXM2i7BlfMf8qxpaSSYfKlvqv/x8= */</span> <span class="kw">?></span></code></pre></li> | 131 | <span class="co">...ka7gaco/Z+TFXM2i7BlfMf8qxpaSSYfKlvqv/x8= */</span> <span class="kw">?></span></code></pre></div></li> |
106 | <li><p>Small hashes are used to make a link to an entry in Shaarli. They are unique. In fact, the date of the items (eg. <code>20110923_150523</code>) is hashed with CRC32, then converted to base64 and some characters are replaced. They are always 6 characters longs and use only <code>A-Z a-z 0-9 - _</code> and <code>@</code>.</p></li> | 132 | <li><p>Small hashes are used to make a link to an entry in Shaarli. They are unique. In fact, the date of the items (eg. <code>20110923_150523</code>) is hashed with CRC32, then converted to base64 and some characters are replaced. They are always 6 characters longs and use only <code>A-Z a-z 0-9 - _</code> and <code>@</code>.</p></li> |
107 | </ul> | 133 | </ul> |
108 | </body> | 134 | </body> |
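Review bot: the context paragraph at line 132 is carried over unchanged and still states that small hashes "are unique", while the same sentence describes them as a CRC32 of the item date. A 32-bit checksum cannot guarantee that two different dates never produce the same hash, so on a page titled Security the wording should be softened or should say how a collision is handled. The same line has the typo "6 characters longs". Both are worth fixing in the source this pandoc output is generated from while the neighbouring block is being rewrapped in `<div class="sourceCode">`.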