Modular drop-in PHP paste
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
actions
backends
conf
data
geshi
inc
.gitignore
.htaccess
LICENSE
README.fr.md
README.md
htaccess.dist
index.php
quigeonpaste_clientsideencryption.user.js

README.md

Quigeon Paste

Paste features

  • Write pastes simply
  • Make pastes publicly visible or private only
  • Make the pastes readable only once
  • Highlight the code in pastes (using geshi)
  • Encrypt pastes using a GreaseMonkey script
  • Deny bruteforce to find private pastes

Hosting features

  • Server-side implementation full in PHP, can easily be self-hosted
  • No database needed (but a storage backend can easily be developed)
  • Multi-language support
  • Automaticly minify Javascript and CSS
  • No need for a cron job to clean pastes

Installation

  1. Download QuigeonPaste

  2. Copy conf/local.conf.php.dist into conf/local.conf.php

  3. Edit conf/local.conf.php to personalize settings

  4. Ensure the data/ directory is writable by your webserver or change the storage backend to sqlite

  5. Change the @include of quigeonpaste_clientsideencryption.user.js

  6. Enjoy!

To enable paste encryption, each client must install GreaseMonkey and download the GM script.

Backends

Three backends types live inside Quigeon Paste:

  • auth
  • storage
  • tpl

Each of these is represented by a directory inside the backends folder. Inside these folders, there's a basic.class.php defining what the backends need to implement.

Each backend type commes with a default backend:

  • auth: the classic backend doesn't permit an IP address to bruteforce to find private pastes
  • storage: the plain backend stores the pastes in files on the filesystem
  • tpl: the default template backend defines what you see on the screen

Each backend has a backends/<backend type>/<backend name>/conf.php file that can be configured through the conf/local.conf.php configuration file.

Notes on the GreaseMonkey encryption script

Paste encryption in classic pastebin engines is always done through the Javascript given by the pastebin engine. Thus if, for whatever reason, the pastebin engine is changed and masquerade the encryption without actually doing it, users will expose their secret data to the server.

Using a GreaseMonkey script makes the encryption process client-side-dependant only, thus being more trustworty. Note, however, that you can't be 100% sure the encryption process will work, even with a GreaseMonkey script.