Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

You are not correct. Only you can delete your uploaded file.

That reminds me of a cool thing [1] one of our users built on top of MediaCrush, though, where others can delete your files.

[1] https://github.com/blha303/SnapCrush



By "only you can delete" you mean "only user with your IP can delete"?

1. Open FF / upload some file, get https://mediacru.sh/<someid>

2. Open Chrome in private mode

3. Go https://mediacru.sh/api/<someid>/delete

4. File is gone!


You == your IP, in this case. We check the deleter's IP against the bcrypted one we store with the file before allowing them to delete it. There's an open GitHub issue discussing alternative methods [1] if you'd like to read some more about it.

[1] https://github.com/MediaCrush/MediaCrush/issues/311


It's clear now. Nice job!




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: