stronglink
stronglink copied to clipboard
btrask
A searchable, syncable, content-addressable notetaking system
Right now the user query language is completely undocumented. This info belongs in `client/README.md`. Note that the syntax is mostly pretty similar to Google, etc. Meta-data and special attributes use...
We need to support verifying the HTTP `Host` header in order to prevent [DNS rebinding](https://en.wikipedia.org/wiki/DNS_rebinding). However, doing this properly will probably require user configuration. #6 I believe we can always...
Captchas for account creation or posting are necessary for preventing spam. #64 And yes, I qualify this as a security issue.
Two separate plugin systems, per the title. Creating a plugin should require very little code, with the absolute minimum amount of copy and paste between each plugin. For hashers, this...
It should be possible to query for things like `type=text/plain` or `type=image/*`.
As a blog platform, we have some work left to do. There should be a more limited way to write replies to the main posts, possibly without requiring signup. There...
Session keys are used by client applications to talk to the server. We should probably have some user interface for: - Creating session keys (including keys with reduced permissions, e.g....
In a very certain case, the old sync algorithm (currently implemented by `SLNPull`) can leak information by pulling meta-files that don't match the specified query. If the destination repository is...
Should we set `X-Frame-Options: DENY` on all/most of our HTTP responses?
Meta-files can only have a single target URI, but that address can theoretically match multiple files (as in semantic hashes (TBA) or hash collisions like with MD5). Right now we...