A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES.
cfg Merge branch 'master' of https://github.com/elrido/ZeroBin 2015-08-30 14:33:09 +02:00
css Merge branch 'master' of https://github.com/elrido/ZeroBin 2015-08-30 14:33:09 +02:00
doc fixing nasty deletion bug from #15, included unit tests to trigger it 2015-08-27 21:41:21 +02:00
img Added "Raw text" button. 2015-08-15 20:25:46 +02:00
js Password input id change in zerobin.js 2015-08-30 15:06:32 +02:00
lib concluding work on configuration test generator for #16. Replaced a few 2015-08-29 20:29:14 +02:00
tpl Fixed bug of password input not displaying on bootstrap theme 2015-08-30 14:46:43 +02:00
tst concluding work on configuration test generator for #16. Replaced a few 2015-08-29 20:29:14 +02:00
.gitattributes working on configuration unit test generator as described in #16 2015-08-29 01:26:48 +02:00
.gitignore optimized bootstrap comment layout 2015-08-23 15:52:25 +02:00
CHANGELOG.md XSS flaw correction 2015-08-15 22:01:43 +02:00
CREDITS.md had to revert to HTML5 instead of XHTML5 because of compatibility 2012-08-28 23:28:41 +02:00
index.php XSS flaw correction 2015-08-15 22:01:43 +02:00
INSTALL.md had to revert to HTML5 instead of XHTML5 because of compatibility 2012-08-28 23:28:41 +02:00
README.md Updated README with a security notice as mentioned in issue #13 2015-08-23 18:09:34 +02:00
robots.txt Incorrect structure 2013-11-01 01:22:16 +01:00

ZeroBin 0.19 Alpha

ZeroBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data.

Data is encrypted/decrypted in the browser using 256 bit AES.

This fork of ZeroBin refactored the source code to allow easier and cleaner extensions. It is still fully compatible with the original ZeroBin 0.19 data storage scheme, so such installations can be upgraded to this fork without losing any data.

What ZeroBin provides

  • As a server administrator you don't have to worry if your users post content that is considered illegal in your country. You have no knowledge of any paste's content. If requested or enforced, you can delete any paste from your system.

  • Pastebin-like system to store text documents, code samples, etc.

  • Encryption of data sent to the server, even if the server does not provide HTTPS.

What it doesn't provide

  • As a user you have to trust the server administrator, your internet provider and any country the traffic passes through not to inject any malicious code.

  • The "password" to encrypt the paste is part of the URL. If you publicly post a paste URL, everybody can read it.

  • A server admin might be forced to hand over access logs to the authorities. ZeroBin encrypts your text and the discussion contents, but who accessed it first might still be disclosed via such access logs.
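The split between what the server holds and what the link holder holds, as an added example that is not ZeroBin's own code. It assumes the key travels in the URL fragment (the README only says it is "part of the URL"), uses Node's built-in AES-256-GCM as a stand-in for the browser-side cipher, and the host name, paste id and record layout are constructed.

```javascript
// Added illustration, not ZeroBin's code. Node's AES-256-GCM stands in for the
// browser-side cipher; host, paste id and record layout are constructed.
const nodeCrypto = require('node:crypto');

// Client side: encrypt locally, return what is uploaded and the link to share.
function createPaste(plaintext, pasteId) {
  const key = nodeCrypto.randomBytes(32);            // 256-bit key, never uploaded
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const upload = {                                    // everything the server stores
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ct: ct.toString('base64'),
  };
  // Assumption: the key is carried after '#', so it is part of the link only.
  const link = `https://paste.example/?${pasteId}#${key.toString('base64url')}`;
  return { upload, link };
}

// What an HTTP client sends on the request line (and an access log can record):
// path and query only. The fragment is never transmitted.
function requestTarget(link) {
  const u = new URL(link);
  return u.pathname + u.search;
}

// Reader side: anyone holding the full link can decrypt the stored record.
function readPaste(link, stored) {
  const key = Buffer.from(new URL(link).hash.slice(1), 'base64url');
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(stored.iv, 'base64'));
  d.setAuthTag(Buffer.from(stored.tag, 'base64'));
  return Buffer.concat([d.update(Buffer.from(stored.ct, 'base64')), d.final()]).toString('utf8');
}

// Server side: with the stored record and the logged request target, but no
// fragment, there is no key and decryption fails.
function serverCanRead(link, stored) {
  try { readPaste('https://paste.example' + requestTarget(link), stored); return true; }
  catch (e) { return false; }
}
```

The logged request target still contains the paste id, which is why access logs can show who fetched a paste even though its content stays unreadable to the server.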

Options

Some features are optional and can be enabled or disabled in the configuration file:

  • Discussions

  • Expiration times, including a "forever" and "burn after reading" option

  • Syntax highlighting using prettify.js, including 4 prettify themes

  • Templates: By default there is a "classic" and a bootstrap-based theme, but it is easy to adapt these to your own website's layout.

Further resources

Run into any issues? Have ideas for further developments? Please report them!


Copyright (c) 2012 Sébastien SAUVAGE (sebsauvage.net)

This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software.

Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions:

1. The origin of this software must not be misrepresented; you must 
   not claim that you wrote the original software. If you use this 
   software in a product, an acknowledgment in the product documentation
   would be appreciated but is not required.

2. Altered source versions must be plainly marked as such, and must 
   not be misrepresented as being the original software.

3. This notice may not be removed or altered from any source distribution.