On 2020-08-28 (Friday) at 18:07, colecmac at protonmail.com wrote: > This is cool! It's nice to see another thing similar to gemlog.blue, > although it'd be nice as well to not end up creating an ecosystem that > relies on this all the time. This is a really fair point. I really just made this (and use gemlog.blue all the time) because I don't have ssh access at work, and I figure others don't either. Ideally, there'd be another server that's like Phoebe but non-wiki-fied, or something like it -- using a partner protocol to upload content "in-band," as it were. Maybe something for me to work on! > > What do you mean by "create a sigil file"? Hey, sorry this wasn't clear. Since I wanted to limit the users of this site to users of breadpunk.club, I have the user verification just look at the users on the system to see if it's valid. Of course, I realized that there needed to be a check when someone *creates* a user account -- since the user list is public, anyone could impersonate a current user and post as them, basically. The best idea I could come up with is a file, ~/.slice, to act as a sort of sigil or sign -- if a user wants to post using slices.breadpunk.club, they'll need to ssh in and add that file (and since only they can do that, it'll ensure it's them) before they sign up. Of course, there's still some insecurities there: there's a lag between the creation of the slice file and signing up, for example. I admit I'm relying on the smallness of this space to keep secure, which ... isn't great. > > And is the source code of this site available? That'd be great. As of now, no -- let me "clean it up" and post it somewhere tonight or tomorrow, and I'll ping this thread again. I need to comb through it a little more and make sure it's as secure as I can make it. This is the first "real" PHP I've written (copy-pasted), so I'm a little nervous! Thanks for the interest though :) -- ~ acdw acdw.net | breadpunk.club/~breadw
---
Previous in thread (2 of 3): 🗣️ colecmac (a) protonmail.com (colecmac (a) protonmail.com)