Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Option to delete file at first view #58

Open
ipatjolvur opened this issue Apr 17, 2016 · 2 comments
Open

Option to delete file at first view #58

ipatjolvur opened this issue Apr 17, 2016 · 2 comments

Comments

@ipatjolvur
Copy link

ipatjolvur commented Apr 17, 2016
edited
Loading

Enhancement request:
Offer a checkbox on the upload page to delete the file when it is first accessed.

For an open source example, see lutim or ZeroBin:
https://github.com/ldidry/lutim
https://lut.im

https://github.com/sebsauvage/ZeroBin
http://sebsauvage.net/paste/
http://sebsauvage.net/wiki/doku.php?id=php:zerobin
@BetterToAutomateTheWorld
Copy link

Hi,

I think your proposal is linked with the issue about file expiration #19

In my point of view Zerobin is a great example of "burn after reading" and "delete after x time" files

@k3d3
Copy link
Contributor

k3d3 commented Aug 6, 2017
edited
Loading

One potential solution to this problem is to bundle the deletion key with the file metadata. That way, we can change the client to automatically delete images when it sees that key.

The benefit to this solution is that it requires no changes to the server. The drawback is, obviously, it's up to the client to ACTUALLY do the deletion, and therefore with modified code, the client could forego this deletion.

The other solution is to somehow tag the file in a way that the server can see it. This could be something as simple as a JSON file that sits alongside the encrypted data. That metadata could contain a tag stating the file is to be deleted on first access, or that any access after some time should be rejected (and then deleted) in the case of file expiration in #19. (The latter has an even better solution of a file deletion time being specified in a cron or other exact timing system, so it doesn't stay around on the server past the expiration date).

The benefit to this solution is that the one-time view is enforced by the server, so it isn't up to the client to be trusted. The drawback is that we would no longer have the flexibility to host the files on any server (currently they're handled directly through nginx as static files, but they could currently just as easily be hosted through Apache or some other webserver, and even thrown onto things like glusterfs or IPFS). The files would have to be served by the node.js server or through some other custom server.

As a stop-gap method, we could probably implement the first solution relatively quickly and easily, but I'm hesitant on being required to support the second solution because the flexibility of hosting is lost. Perhaps if that option could be put behind a server-side flag or something, that would be a good middle ground. Allow people to still host files in super-replicated or custom ways, with the understanding that some features such as file expiration and one-time views can't be reliably supported. Alternatively, support file expiry and one-time deletion with the understanding that it has to be done through a custom server.

@k3d3 k3d3 mentioned this issue Aug 6, 2017
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@k3d3 @ipatjolvur @BetterToAutomateTheWorld