About “Coquelicot” ================== [Coquelicot] — /kɔ.kli.ko/ — is a "one-click" file sharing web application with a focus on protecting users' privacy. Basic principle: users can upload a file to the server, in return they get a unique URL which can be shared with others in order to download the file. Coquelicot aims to protect, to some extent, users and system administrators from disclosure of the files exchanged from passive and not so active attackers. [Coquelicot]: https://coquelicot.potager.org/ Features -------- * Support for different authentication methods In order to prevent random Internet users to eat bandwidth and disk space, Coquelicot limits upload to authenticated users. It currently ships with three authentication mechanisms: - "simplepass": uploading users need to provide a global, pre-shared, password; - "userpass": users will need to provide a login and a pre-shared password stored in a local configuration file; - "imap": users will need to provide a login and a password, that are used to authenticate against an existing IMAP server. - "ldap": users will need to provide a uid and a password, that are used to authenticate against an existing LDAP server. It is possible to integrate more authentication mechanisms by implementing a single method, some JavaScript, and a partial template to render the common fields. For more information have a look at the notes below. * Mandatory expiration When uploading, a time limit has to be specified. The file will be unavailable once this much time has passed. During a configurable period of time, trying to download the file will return a page saying "too late" instead of "not found". * Support for one-time download A user might want to allow exactly _one_ download of a file, to more closely replace an email attachment. The file will be removed after the first complete download and concurrent downloads are prevented. * Upload progress bar Users having JavaScript enabled will see a nice progress bar during the file upload. * Downgrade nicely The application works fine without JavaScript or CSS. * Download URL can be written on paper URLs generated to download files uses the Base32 character set. This set is specifically designed to overcome misread of 'l', '1', '0' and 'O' characters. Coquelicot will automatically convert case and ambiguous characters to facilitate URL exchanges using pieces of paper. * Files are stored encrypted on the server While being uploaded, files are written to the disk using symmetric encryption. The encryption key is _not_ stored directly by Coquelicot. It is either generated randomly and given as part of the download URL, or specified by the uploader. * Download can be protected by a password When uploading, a password can be specified which will then be used to encrypt the file. For subsequent downloads, the password must be entered through in a POST'ed form. This prevents the password from appearing in most server logs. * Files are stored with a random name To prevent disclosure of the shared file name, it is stored encrypted together with the file content. On the server, this encrypted file is stored with a random name. * Download URLs do not reflect stored file names The random names given in download URLs do not map directly to file names on the server. This prevent server logs from giving a direct mapping to the shared files. This creates another difficulty to link users to files through forensic techniques. * File content is zero'ed before removal When a file has expired, it is removed from the server. In order to make it harder to retrieve its content through filesystem analysis, it is filled with zeros first. Reporting bugs -------------- Please report bugs or suggest new features on the users and developers [mailing list]. [mailing list]: https://listes.potager.org/listinfo/coquelicot Authors ------- Coquelicot © 2010-2016 potager.org <jardiniers@potager.org> © 2014-2016 Rowan Thorpe <rowan@rowanthorpe.com> © 2010-2012 Jake Santee <jake@nadir.org> © 2012 Silvio Rhatto <rhatto@riseup.net> © 2011 mh / immerda.ch <mh+coquelicot@immerda.ch> Coquelicot is distributed under the [GNU Affero General Public License] version 3 or (at your option) any later version. Background image (`public/images/background.jpg`) derived from: [“coquelicot” picture] © 2008 Jean-Louis Zimmermann Licensed under [Creative Commons Attributions 2.0 Generic] *jQuery* is © 2011 John Resig. Licensed under the [MIT license]. *jquery.uploadProgress* is © 2008 Piotr Sarnacki. Licensed under the [MIT license]. *lightboxFu* is © 2008 Piotr Sarnacki. Licensed under the [MIT license]. [“coquelicot” picture]: https://secure.flickr.com/photos/jeanlouis_zimmermann/2478019744/ [GNU Affero General Public License]: http://www.gnu.org/licenses/agpl.txt [Creative Commons Attributions 2.0 Generic]: https://creativecommons.org/licenses/by/2.0/deed [MIT license]: http://www.opensource.org/licenses/mit-license.php
JosephKiranBabu/coquelicot
Fork of Coquelicot - "one-click" file sharing web application with a focus on users' privacy
RubyAGPL-3.0