Hacker News | rbolte's comments

Released version 1.0.3 which fixes the XSS and path traversal security issues (as well as 3 other issues, see https://github.com/remie/YouTransfer/issues?q=milestone%3A1.... for more info)


Good catch! The XSS error was introduced with the implementation of error handling, but is a really unwanted side effect :)

I've created two issues on GitHub (https://github.com/remie/YouTransfer/issues/107, https://github.com/remie/YouTransfer/issues/108) which will be fixed in a new hotfix release asap.


BTW: if this concerns the youtransfer.io website (instead of the YouTransfer application), I'm actually a bit hesitant to change this. I'm currently using the GitHub site generator for convenience. There is a limited set of templates available, most of which are either ugly or have readability issues. As the website basically only consists of the README file, you can also look at the GitHub project for more information (https://github.com/remie/YouTransfer)


Good suggestion! I've added an issue on GitHub (https://github.com/remie/YouTransfer/issues/106).

BTW: normally the files will expire within a specific timeframe and will be removed by a scheduled cleanup process. This should limit the impact, but if the system is heavily used it might become a problem.


Are you referring to the generated GitHub pages on http://youtransfer.io or to the demo instance (http://demo.youtransfer.io) which is the actual application?


Probably http://www.youtransfer.io/

I'm having a little trouble, too. Even making the type a little bit darker would help.


I'm a bit hesitant to change this as I'm using the GitHub site generator for convenience. There is a limited set of templates available, most of which are either ugly or have readability issues. As the website basically only consists of the README file, you can also look at the GitHub project for more information (https://github.com/remie/YouTransfer)


Haha, fair enough. I just checked my GitHub, and as you can probably guess, I've just used their template which is pretty low-contrast.


Basically... yeah, if you do not take any additional security measures, anybody can just "dump" files on your server.

You could opt for the S3 storage provider, which will dump the files to Amazon AWS instead.

The YouTransfer project does not implement access control or SSL, so it is highly recommended that you look at the hosting options on the Wiki (https://github.com/remie/YouTransfer/wiki/hosting).

I'm afraid there is not much the project can do concerning upload speeds of individual connections at home :)


This is very nice! Personally I'd really like some kind of login for the uploader so I can offer this service to friends and family (and myself ;)) without the risk of someone discovering the url and using it as a way to distribute illegal things... Perhaps it is easy to do with Apache/Nginx (when the upload site is on another subdomain for example), I don't know actually.

The speeds issue can be solved by running on a cheap DO droplet or scaleway arm server btw (my city luckily has fiber everywhere :)).


The problem with ACL is that I'm worried it will make the project more complex. I've added an issue on GitHub for future reference (https://github.com/remie/YouTransfer/issues/105)


Facebook integration might be nice here so that you could simply allow your FB friends, or perhaps those in a certain group, to share files.


Currently, the files are stored as a flat file list on the file system using their randomly generated token to create a [token].json and [token].binary file. The JSON file contains meta information, the .binary file is the actual file.

Using the default settings, you would get something like "./uploads/0b692a00635682fabc78b6a50655242c.binary" in the application directory.

I already have plans to make it possible to change the interface, for instance not allowing direct download from the homepage. I could amend this with the feature to send email notifications to the system administrator upon successful file transfer. The combination of both would allow you to use YouTransfer.io as a public drop box for files. Does this sound about right to you?
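
[Added example, not part of the comment above and not YouTransfer's own code.] With a flat [token].json / [token].binary layout, the token is the only client-supplied part of the file path, so it should be checked before any path is built. The sketch below assumes tokens are 32 lowercase hex characters, as in the sample path quoted above; the function and constant names are hypothetical.

```javascript
const path = require('path');

const UPLOAD_DIR = path.resolve('./uploads'); // default location quoted in the comment
const TOKEN_RE = /^[0-9a-f]{32}$/;            // assumed token format (not confirmed by the project)

// Map a client-supplied token to its metadata and content files, or throw.
function resolveUpload(token, baseDir = UPLOAD_DIR) {
  // Reject arrays/objects (e.g. from parsed query strings) and anything
  // that is not exactly the expected token shape.
  if (typeof token !== 'string' || !TOKEN_RE.test(token)) {
    throw new Error('invalid token');
  }
  const base = path.resolve(baseDir);
  const files = {
    meta: path.join(base, `${token}.json`),
    data: path.join(base, `${token}.binary`),
  };
  // Defence in depth: if the pattern is ever loosened, still refuse any
  // result that is not a direct child of the upload directory.
  for (const p of Object.values(files)) {
    if (path.dirname(p) !== base) {
      throw new Error('path escapes upload directory');
    }
  }
  return files;
}

// Constructed inputs: one well-formed token and several malformed ones.
function demo() {
  const samples = [
    '0b692a00635682fabc78b6a50655242c',
    '../../etc/passwd',
    '0b692a00635682fabc78b6a50655242c/../x',
    '0B692A00635682FABC78B6A50655242C',
    '0b692a00635682fabc78b6a50655242c\n',
    ['0b692a00635682fabc78b6a50655242c'],
  ];
  return samples.map((t) => {
    try { resolveUpload(t); return 'ok'; } catch (e) { return e.message; }
  });
}

console.log(demo());
```
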


Yes, it sounds as expected. Thank you again for your work.


Thanks! I'm glad I could help :)


Any suggestions?


I created a simple Stylish

  @namespace url(http://www.w3.org/1999/xhtml);

  @-moz-document domain("www.youtransfer.io") {
  body{
    color:#000000;
    font-size: 18px;
  }

  }


Not San Francisco not San Francisco not San Francisco ;)



Simply "Sans" will work just fine.


It's not really related. YouTransfer.io uses DropzoneJS as the file transfer UI for JavaScript-enabled browsers.

