-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Sam,
On 03/10/12 10:25, Sam de Silva wrote: > Can someone help me out - Is http://www.piratepad.net secure? I > thought it was, but I can't seem to access it via SSL. As far as I know, the pad software used by PiratePad and similar services doesn't support SSL. It might be possible to combine the software with stunnel (http://stunnel.org) to add SSL support, but I haven't heard of anyone trying it. > It'll also be really useful to know of 'piratepad' type platforms > that are secure, and there's controls over deleting the > collaborative pads/docs. Etherpad Lite has an HTTP API that can be used to delete pads: https://github.com/Pita/etherpad-lite/blob/master/doc/api/http_api.md There's been some discussion about making the same functionality available through a dashboard, but I don't think that's happened yet: https://github.com/Pita/etherpad-lite/issues/192 There are a couple of other security issues you might want to consider. First, the pad server (and anyone who hacks into the server) can read and modify any pad. No server is completely secure, so it's worth considering whether the pad server you're using contains valuable enough information to be worth someone's while to hack into. Second, if you create a named pad with Etherpad Lite, anyone who can guess the pad's name can access the pad. If you create an unnamed pad, a name is generated using Javascript's Math.random() function, which is not a strong source of randomness, so it might be possible for an attacker to guess the random name and access the pad. Cheers, Michael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJQbCs0AAoJEBEET9GfxSfMgKEH/1rGH6GNm0DpDO6lnFJnTBvH kEnNSjU3b5BuYIw39wYfG3GE3sOsFuTnt0/KMWGB9M+FXqpNo08Yt3HXUfv2Lii0 eIm9JOLb1/CfmnCyCnVgkYKs2vORQmolAMSu+pqxuY1hb4GwfLRG+uY5wu6jA4fc CpdFz8ylPmoEfptbIpAhvuh2t2QAPcOvHKSs3xA4hafeDLXG7mebmG7Rbft+gs9G v8w4NMxrXiKoB6v7kR7ZOO7Jr1uRLUMn6prhVS+99v46QPyxGZDjiXO+VRohC2DG LsqkgyhdGY8a1FXVeUAKVc0YTud4I1E1d135TqqpE9DsFmh/QgEP2QSk/XZl1zg= =bWOj -----END PGP SIGNATURE----- -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
