hello everyone! is there a way to upload all the articles to a project at once? i got different tier projects but i find hard to add the manually. do you have any suggestions?
It is completely clear how desktop and mobile platforms for sync.com allow zero knowledge. However, it blows my mind when I try to understand how “ZERO KNOWLEDGE” could be theoretically possible when using a browser, i.e. web application upload.
So I login to sync.com with Chrome. Then I hit
upload a file button, and a file from my PC is getting uploaded and encrypted on the fly by the browser? Then the browser must know my encryption key, i.e. my login password!!!!!!! Does this mean the browser (and the sync.com) is keeping my login credentials while I’m logged in? As far as I know the credentials should not be kept like this, the modern practice is JWT token or somethin……. Anyway… encription…. des a browser even have such a complicated encryption capability (comparable with the desktop app) …..or are my files being simply uploaded to the server and encrypted there????? But either way that would not be a zero knowledge
I’m not sure if this is the right place for this question, but here goes:
We have a website where customers can login, and see some safety forms as PDF documents.
The idea is that they need to fill out these forms, and send them to us somehow.
Right now, there are 2 choices:
- We can let the customer print the form, fill it out with a pencil/pen, scan it, and upload it to us as a file
- We can convert the form into HTML, and have them fill out a regular HTML form
Both would work, but:
- Option 1 is incredibly inconvenient for the customer
- They need a printer and scanner
- They need to go through the effort of printing and scanning potentially dozens of pages per day
- Option 2 is incredibly inconvenient for us
- For every Safety Form we want to show the customer, which could be dozens, each one made up of dozens of pages, we would need to spend time converting it to HTML
- The managers running our website that have new safety forms to show the customer don’t know HTML, so they’ll constantly be bugging web developers to convert PDF files to HTML. Our web developers have better things to do than convert PDFs to HTML all day long
There are a few libraries that can do this that I have come across, but they all seem to be insanely expensive. pdfjs.express is $ 375/month. My boss would be unlikely to pay 1/10th of that as a one time fee…
Is there a free library to let someone use their browser to write text overtop of a PDF file, and send it to the server when they are done?
Failing that, are there any other ideas?
Edit: We can also do something like convert each PDF uploaded by the managers to a set of images (one image per page), show them to the customer as images, and use something like
marker.js to let them modify the images. It may be a bit of work to get working, but right now, that’s my best option
From googling, a lot of file upload vulnerabilities rely on injecting something into the filename and also rely on the picture being stored on the server, is it safe to just do a post request of the picture’s content (
file-contents: ‰PNG...... via post request) then display it on the browser like, as
<img src="data:image/png;base64,.....> ?
Every time I install Windows 10, I painstakingly go through every setting that can be found in any GUI setting for the OS, disabling everything that sounds creepy.
One of the most disturbing things I’ve found is what I believe is called “automatic sample submission“, which means that the built-in anti-virus tool in Windows 10 can, by default, decide to upload any file it deems “potentially risky” to Microsoft, “for further analysis”. It also mentions that it doesn’t do this for files which “may contain personal data”.
But how can it know that? Does it:
- Simply look at the file extension and only upload .EXE and other “obvious binaries”?
- Does it ignore the file extension and instead look inside the file to check if it contains executable code?
- A combination of both?
What happens if I have a word processing document full of private information, but which also has a malicious macro or something accidentally baked (embedded) into it?
What happens if I have an EXE which actually has had all data files baked into it while I’m developing a game as to be a single file? (This is an actual situation I’ve been in in the past.)
Does it deem the data files for my local PostgreSQL database full of ultra-private information as “potentially dangerous” and upload those?
I can think of numerous situations where even the smartest code in the world would not be able to determine what contains private data or not. And, frankly, I have virtually zero confidence left in Microsoft’s judgment at this point, having wasted a huge amount of my life fighting the OS to be able to use it at all. I’ve found numerous typos in their “stable” releases, making me extremely scared of how much data has been uploaded in spite of all the care I’ve tried to take to avoid it.
I also remember that it eagerly wanted to re-enable this feature, even harassing me about it. I can imagine that the vast majority of users have no idea about this, let alone have gone through the trouble of force-disabling it.
I wonder can I use the option of input type=”file” in html to upload from url ( web/ftp etc. ) ? Is there option to it? To more explain, I want to select zip file with url and uoload it to website.Which operating systems support it? How can do it on linux,mac and windows 10? I talking about the option on the link:
Is it possible to upload some sort of encrypted video, that you should use some special client to decrypt and watch it.
This could be a way to bypass content control and copyright.
I reported a self-xss on file uploader input to a bug bounty company and they said that they will only accept it if i can find a good clickjacking exploit for that input. My question is: Is it possible to make a clickjacking proof of concept on a file uploader input? This XSS trigger if i select a file named
<script>alert(1)<.pdf as file to upload. Is it possible to make automatically load a file with a custom name inside of an iframed page file uploader input with just few clicks?
when using chrome, can a maliciously designed or temporarily compromised website that has a file upload dialog box, when selecting a file to upload on such a website, and pasting, for instance, an image from a website as the file (does this use edge?) somehow impact the explorer.exe process or windows filesystem? can this access be contained within edge’s browser cache or can it go further?
Last week, the most recent update of WordPress 5.3 came out and I updated it. As many other people, my website had a lot of problems after the update, due to the fact that my plugins such as openwp didnt work properly with it.
I was able to fix after a while, to be able to access my WordPress Dashboard again.
But I needed to use Filezilla, because I wanted to change my URL. I made an update with updraftplus right before I installed the newest WordPress version. I saved it on my computer and downloaded Filezilla client.
I extracted the file and uploaded them on the server.
Everything went through smoohtly, but as soon as I finished, I wasnt able to open my website anymore. Ever since then, I have not been able to reach my WordPress backend and my actual Website doesnt show up on my URL.
I know that my data is not gone, because I can see it on the server, but I am wondering if I overwrote files, or did something wrong. I dont really want to try anything else out anymore, because I am scared of making it worse. Also I cannot find any information on that online.
Furthermore my Wpcontent index says (Silent is golden) and I was like that after I downloaded the files onto my computer.
I really dont know what to do now.
I would really appreciate any advice.