pub / pastesrv

Paste service setup for paste.jayvii.de
git clone https://src.jayvii.de/pub/pastesrv.git
Home | Log | Files | Exports | Refs | README | RSS
commit 0acea594ba6501c67f4afc408e71386dc5f605b2
parent b3b1d6550e11f7a66de1c984b2a7bd1647e789fd
Author: JayVii <jayvii[AT]posteo[DOT]de>
Date:   Tue, 13 Aug 2024 18:36:17 +0200

feat: add dynamic salt value for URL hashing

Diffstat:

Mconfig/config.php | 5+++++


Mindex.php | 2+-


2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/config/config.php b/config/config.php
@@ -5,4 +5,9 @@ echo "MY-SECURE-PASSWORD" | sha256sum | awk '{print $1}'
 */
 $auth_hash="PW_PLACEHOLDER";
 
+/* Dynamic salt value for the hashing process. This makes it a lot harder to
+guess the resulting hash and therefore URL of a paste
+ */
+$salt=rand(0, getrandmax());
+
 ?>
diff --git a/index.php b/index.php
@@ -77,7 +77,7 @@
       if (!is_null($_FILES["file"]["tmp_name"]) || $_POST["text"] != "") {
 
         /* Create Hash Name */
-        $hash = hash("sha256", time());
+        $hash = hash("sha256", time() . $salt);
         $pasted = false;
 
         /* Process if file was uploaded */