From d042bb41ba16f2beaa5b5c26edd444c6954da8d4 Mon Sep 17 00:00:00 2001 From: El RIDO Date: Sun, 23 Aug 2015 18:09:34 +0200 Subject: [PATCH] Updated README with a security notice as mentioned in issue #13 --- README.md | 63 ++++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 56 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index b9834d90..5e7d0a53 100644 --- a/README.md +++ b/README.md 
@@ -1,13 +1,62 @@ -ZeroBin 0.19 Alpha +# ZeroBin 0.19 Alpha -==== THIS IS ALPHA SOFTWARE - USE AT YOUR OWN RISKS ==== +ZeroBin is a minimalist, opensource online pastebin where the server has zero +knowledge of pasted data. -ZeroBin is a minimalist, opensource online pastebin where the server -has zero knowledge of pasted data. Data is encrypted/decrypted in the -browser using 256 bits AES. +Data is encrypted/decrypted in the browser using 256 bit AES. -More information on the project page: -http://sebsauvage.net/wiki/doku.php?id=php:zerobin +This fork of ZeroBin refactored the source code to allow easier and cleaner +extensions. It is still fully compatible to the original ZeroBin 0.19 data +storage scheme. Therefore such installations can be upgraded to this fork +without loosing any data. + +## What ZeroBin provides + +- As a server administrator you don't have to worry if your users post content + that is considered illegal in your country. You have no knowledge of any + pastes content. If requested or enforced, you can delete any paste from your + system. + +- Pastebin like system to store text documents, code samples, etc. + +- Encryption of data sent to server, even if it does not provide HTTPS. + +## What it doesn't provide + +- As a user you have to trust the server administrator, your internet provider + and any country the traffic passes not to inject any malicious code. + +- The "password" to encrypt the paste is part of the URL. If you publicly post + a paste URL, everybody can read it. + +- A server admin might be forced to hand over access logs to the authorities. + ZeroBin encrypts your text and the discussion contents, but who accessed it + first might still be disclosed via such access logs. 
+ +## Options + +Some features are optional and can be enabled or disabled in the [configuration +file](https://github.com/elrido/ZeroBin/wiki/Configuration): + +- Discussions + +- Expiration times, including a "forever" and "burn after reading" option + +- Syntax highlighting using prettify.js, including 4 prettify themes + +- Templates: By default there is a "classic" and a bootstrap based theme, but it + is easy to adapt these to your own websites layout. + +## Further resources + +- [Installation guide](https://github.com/elrido/ZeroBin/wiki/Installation) + +- [Configuration guide](https://github.com/elrido/ZeroBin/wiki/Configuration) + +- [Developer guide](https://github.com/elrido/ZeroBin/wiki/Development) + +Run into any issues? Have ideas for further developments? Please +[report](https://github.com/elrido/ZeroBin/issues) them! ------------------------------------------------------------------------------
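Review bot: Under "What ZeroBin provides", the bullet "Encryption of data sent to server, even if it does not provide HTTPS" reads as an assurance that plain HTTP is acceptable. The first bullet under "What it doesn't provide" says the opposite: the user must trust the internet provider and every country the traffic passes "not to inject any malicious code". Because the README states that data is encrypted and decrypted in the browser, the code doing that work arrives over the same connection. I would qualify the bullet so it says that without HTTPS the paste content is only hidden from someone passively reading the traffic, and point to the injection caveat next to it instead of leaving the two statements in separate lists. Two smaller points in the same hunk. The "THIS IS ALPHA SOFTWARE - USE AT YOUR OWN RISKS" line is removed while the heading still says "0.19 Alpha", so consider keeping a short form of that warning in the new security notice. Also, "without loosing any data" should be "without losing any data".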