Spectre-v1 (ghostbin-v2) ship-complete checklist

- Controller: Users
  - /new
    - [ ] username/password
  - /login
    - username/password
    - authtoken
  - /logout
  - auth token landing?
  - don't accept accounts at all over HTTP (unless forced)
  - v3perm -> user migration on login
- Controller: Pastes
  - .../{id}
  - .../{id}/edit
    - plus a GET response?
  - .../{id}/(raw|download)?
  - POST .../ or POST .../new
  - DELETE .../{id} or POST .../{id}/delete
  - length limit
  - don't accept passwords over HTTP (unless forced)
  - authentication
- Controller: Session
- Controller: Admin
  - reports
- Renderer: UI
  - Pastes
    - language renderer infrastructure
    - timeouts/expiration
    - cache
  - Admin
    - reports
  - Sessions
- Renderer: JSON
  - Pastes
  - Users
  - Sessions
- PostgreSQL store
  - encryption/decryption
- App-wide
  - configuration (services, limits, etc.)
  - error handling
  - logging
  - CSRF
  - CORS?
- Backwards Compatibility
  - v2perm -> v3perm migration for legacy session cookies

Edited by Dustin L. Howett