From 7cc938fac5124b943a977ef06225e7117de336b9 Mon Sep 17 00:00:00 2001 From: rugk Date: Sun, 31 Jul 2016 12:54:37 +0200 Subject: [PATCH] Add notes about new config values --- Configuration.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/Configuration.md b/Configuration.md index 4a90b83..1e2d0e4 100644 --- a/Configuration.md +++ b/Configuration.md @@ -97,6 +97,17 @@ true | set, i.e. to "fr" | set | uses browser language or the Optionally PrivateBin can offer a link to a URL shortener service after a new paste is created. It is strongly suggested to only use this with self-hosted shortener services as this will leak the pastes encryption key to the service entered here. +### vizhash + +PrivateBin creates avatars (with "visual hashes" = vizhashes) for users commenting on PrivateBins. These avatars are generated from the IP of the user commenting, which is a potential vulnerability, which may allow an attacker to guess the IP of the user, who published the comment. This issue has been found in a [security audit](https://defuse.ca/audits/zerobin.htm) (2.4.). +For privacy reason you can therefore disable this feature. + +#### zerobincompatibility + +This option as introduced with the name switch of ZeroBin to PrivateBin. By default it is disabled and therefore prevents the use of some depreciated, outdated features of PrivateBin, which were used in ZeroBin. +For full compatibility with ZeroBin, you can enable this option. However this is not recommend as it weakens the security of your PrivateBin instance. + + ### model The sections `[model]` and `[model_options]` control how your pastes are stored. Currently PrivateBin stores its pastes as flat files by default (`[model]` section, `class = privatebin_data`) and the option `dir` in the section `[model_options]` tells it in what folder to store them. Note that this directory needs to be writable for the process running PHP (i.e. your webserver, FPM or CGI process).
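Review bot: `#### zerobincompatibility` sits one heading level deeper than `### vizhash` above it and `### model` below it, so it renders as a subsection of vizhash although the two options are unrelated; it should be `### zerobincompatibility`. Neither new section tells the admin how to set the option. The vizhash text ends with "you can therefore disable this feature" and the zerobincompatibility text with "you can enable this option", but neither gives the config section or the accepted value, and the vizhash default is not stated. The zerobincompatibility paragraph warns that enabling it "weakens the security of your PrivateBin instance" without naming which outdated features are re-enabled, so a reader cannot weigh the risk; list them or link to where they are described. Wording in the same lines: "This option as introduced" should read "was introduced", "depreciated" should be "deprecated", "not recommend" should be "not recommended", and "For privacy reason" should be "For privacy reasons".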