Ellpeck/ObsidianJustSharePlease
1
0
Fork 0
mirror of https://github.com/Ellpeck/ObsidianJustSharePlease.git synced 2024-05-20 02:01:22 +02:00
Code Issues Projects Releases Wiki Activity

security info

Browse source
This commit is contained in:
Ell 2023-09-25 14:01:44 +02:00
parent 56184ef7ff
commit 55382cecc2
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
server/public/index.md
View file

@ -21,6 +21,8 @@ There are two ways to manage shared notes: you can open the context menu on a sh
Both allow a set of actions, including sharing the link, updating the share and deleting the share. When updating the share, the link will stay intact, but it will be updated with the note's new content.
## How it Works (and Security)
**To report a security vulnerability, please use GitHub's [private vulnerability reporting](https://github.com/Ellpeck/ObsidianJustSharePlease/security) feature or email [me@ellpeck.de](mailto:me@ellpeck.de).**
Just Share Please uses a simple [PHP backend](https://github.com/Ellpeck/ObsidianJustSharePlease/blob/main/server/public/share.php) that accepts requests for sharing, updating and deleting notes.
When sharing a note, its content as well as additional metadata created by the backend is stored in the server's `data` directory. Note content is stored **in plain text**, which means server admins are able to observe all notes and their content and potentially edit them. However, for users of Just Share Please to update or delete a shared note, they have to have access to a **password** that is automatically generated by the backend when sharing a note. You don't have to remember this password yourself, as it is automatically saved in the plugin's settings file. This also means that **deleting your settings** causes you to **lose access to all your shares**.