clarify issues with the alternatives considered

authored by anarcat
......@@ -309,6 +309,10 @@ using [Qubes](https://www.qubes-os.org/) isolation. It's not exactly clear what
was, but it was basically one person being added to the hiring email
alias and processing the files by hand in Qubes.
The issue with the Qubes workflow is, well, it requires someone to run
Qubes, which is not exactly trivial or convenient. The original author
of the WebDAV processor, for example, never bothered with Qubes...
### Manual Dangerzone process
The partial automation process used by anarcat before automation was:
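Review bot: The added paragraph on the Qubes workflow calls running Qubes "not exactly trivial or convenient" without saying what makes it so, and a reader weighing this alternative cannot tell what the actual cost is; name the concrete obstacle instead. The sentence about "the original author of the WebDAV processor" is written in the third person, while the surrounding sections say "used by anarcat" and "my local computer", so settle on one voice. The trailing "..." can be dropped.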
......@@ -322,6 +326,12 @@ The partial automation process used by anarcat before automation was:
6. rsync the files back to my local computer
7. upload the files into some Nextcloud folder
This process was slow and error-prone, requiring a significant number
of round-trips to get batches of files processed. It would have worked
fine if all files came as a single batch, but files are actually
trickling in in multiple batches, worst case being they need to be
processed one by one.
### Email-based process
An alternative, email-based process was also suggested:
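Review bot: In the paragraph added after step 7, "trickling in in multiple batches" has a doubled "in", and "worst case being they need to be processed one by one" does not parse cleanly; something like "files actually arrive in multiple batches and, in the worst case, have to be processed one by one" reads better. "Error-prone" is also asserted without pointing at which of the numbered steps tends to go wrong; a short mention would back up the claim.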
......@@ -334,11 +344,11 @@ An alternative, email-based process was also suggested:
5. the program uploads the sanitized attachment in a Nextcloud folder
named after the unique ID
My concern with that approach was that it exposes the sanitization
routines to the world, which opens the door to Denial of service
attacks, at the very least. Someone could flood the disk by sending a
massive number of resumes, for example. I could also think of ZIP
bombs that could have "fun" consequences.
My concern with the email-based approach was that it exposes the
sanitization routines to the world, which opens the door to Denial of
service attacks, at the very least. Someone could flood the disk by
sending a massive number of resumes, for example. I could also think
of ZIP bombs that could have "fun" consequences.
By putting a user between the world and the script, we have some
ad-hoc moderation that alleviates that issues, and also ensures a
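Review bot: The rewritten paragraph only changes "that approach" to "the email-based approach", but rewrapping all five lines buries that one-phrase change in the diff; keeping the original line breaks would make it reviewable at a glance. Since the paragraph is being touched anyway, "Denial of service" should be lowercase mid-sentence, and "ZIP bombs that could have "fun" consequences" would be more useful if it said which resource the sanitizer would run out of. The unchanged line right after it, "alleviates that issues", should read "those issues".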