Home Explore Help
Register Sign In
NSHkD
/
Gazelle
forked from Oppaitime/Gazelle
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

Update 'README.md'

spaghetti 8 years ago
parent
a55b972580
commit
21810b1c4b
1 changed files with 50 additions and 46 deletions
Unified View Show Diff Stats
  1. 50
    46
      README.md

+ 50
- 46
README.md View File

1 
-This is Oppaitime's version of Gazelle
2 
-
3 
-Below are some lists of differences between this version of Gazelle and What.cd's. Please note that these lists are far from complete.
4 
-
5 
-## Major Changes
6 
-
7 
-#### Integrated Database Encryption
8 
-
9 
-Using a database key [provided by staff](sections/tools/misc/database_key.php) and only ever stored as a hash in memory (via APC), the [integrated database encryption](classes/dbcrypt.class.php) is used to encrypt sensitive user data like IP addresses, emails, and private messages regardless of the underlying system gazelle is running on.
10 
-
11 
-The rest of gazelle must be aware that some of the data it fetches from the DB is encrypted, and must have a fallback if that data is unavailable (the key is not in memory). You will see plenty of `if (!apc_exists('DBKEY')) {` in this codebase.
12 
-
13 
-#### Authorized Login Locations
14 
-
15 
-Whenever a login occurs from a location (determined by ASN) that hasn't logged into that account before, an email is sent to the account owner requesting that they authorize that location before the login will go through.
16 
-
17 
-This prevents most attacks that would be otherwise successful, as it requires an attacker to access the site from the same locations the actual user uses to login.
18 
-
19 
-#### Expunge Requests
20 
-
21 
-Users are able to view the data kept on them and [issue requests for the deletion of old information](sections/delete) to staff through a simple interface.
22 
-
23 
-#### Resource Proxying
24 
-
25 
-All external resources that may appear on a page are fetched and served by the server running gazelle. This prevents the leak of user information to third parties hosting content that has been included on a page through an image tag or similar.
26 
-
27 
-#### Scheduler
28 
-
29 
-The [scheduler](sections/schedule) has been broken up into more manageable parts and has additional selective runtime features for manual execution.
30 
-
31 
-#### Bonus Points
32 
-
33 
-Like most gazelle forks, we've added a [bonus point system](sections/schedule/hourly/bonus_points.php) and [store](sections/store).
34 
-
35 
-#### Modern password hashing
36 
-
37 
-We use new PHP password hashing features that automatically rehash your password when a better hashing algorithm is made available and employ prehashing to allow you to use a secure password of any length. Original gazelle would effectively truncate your password after around 72 characters (if the tracker even allowed you to use a password that long). This codebase does not have the same problem, and allows passwords of virtually unlimited length (over 30,000 characters by default) that remain useful after a few tens of characters.
38 
-
39 
-
40 
-## Minor Changes
41 
-
42 
-* When a torrent is trumped, the new torrent is made freeleech to users who snatched the old torrent for a few days.
43 
-* Sends headers to tell cloudflare to use HTTP/2 Server Push for most resources.
44 
-* BTN-style magnet link support.
45 
-* Support for optional per-user stylesheet additions and tweaks
46 
-* This codebase expects to run over https only.
1 
+This is Oppaitime's version of Gazelle
2 
+
3 
+Below are some lists of differences between this version of Gazelle and What.cd's. Please note that these lists are far from complete.
4 
+
5 
+## Major Changes
6 
+
7 
+#### Integrated Database Encryption
8 
+
9 
+Using a database key [provided by staff](sections/tools/misc/database_key.php) and only ever stored as a hash in memory (via APC), the [integrated database encryption](classes/dbcrypt.class.php) is used to encrypt sensitive user data like IP addresses, emails, and private messages regardless of the underlying system gazelle is running on.
10 
+
11 
+The rest of gazelle must be aware that some of the data it fetches from the DB is encrypted, and must have a fallback if that data is unavailable (the key is not in memory). You will see plenty of `if (!apc_exists('DBKEY')) {` in this codebase.
12 
+
13 
+#### Authorized Login Locations
14 
+
15 
+Whenever a login occurs from a location (determined by ASN) that hasn't logged into that account before, an email is sent to the account owner requesting that they authorize that location before the login will go through.
16 
+
17 
+This prevents most attacks that would be otherwise successful, as it requires an attacker to access the site from the same locations the actual user uses to login.
18 
+
19 
+#### Unique Infohashes
20 
+
21 
+Upon upload, torrent files are modified to contain a "source" field in the info dict containing the concatination of the site name and some generated junk data (unique per-torrent). This prevents infohash collisions with torrents cross-seeded from other sites in the same client, and also helps protect against some not particularly likely peer-leaking attacks.
22 
+
23 
+#### Expunge Requests
24 
+
25 
+Users are able to view the data kept on them and [issue requests for the deletion of old information](sections/delete) to staff through a simple interface.
26 
+
27 
+#### Resource Proxying
28 
+
29 
+All external resources that may appear on a page are fetched and served by the server running gazelle. This prevents the leak of user information to third parties hosting content that has been included on a page through an image tag or similar.
30 
+
31 
+#### Scheduler
32 
+
33 
+The [scheduler](sections/schedule) has been broken up into more manageable parts and has additional selective runtime features for manual execution.
34 
+
35 
+#### Bonus Points
36 
+
37 
+Like most gazelle forks, we've added a [bonus point system](sections/schedule/hourly/bonus_points.php) and [store](sections/store).
38 
+
39 
+#### Modern password hashing
40 
+
41 
+We use new PHP password hashing features that automatically rehash your password when a better hashing algorithm is made available and employ prehashing to allow you to use a secure password of any length. Original gazelle would effectively truncate your password after around 72 characters (if the tracker even allowed you to use a password that long). This codebase does not have the same problem, and allows passwords of virtually unlimited length (over 30,000 characters by default) that remain useful after a few tens of characters.
42 
+
43 
+
44 
+## Minor Changes
45 
+
46 
+* When a torrent is trumped, the new torrent is made freeleech to users who snatched the old torrent for a few days.
47 
+* Sends headers to tell cloudflare to use HTTP/2 Server Push for most resources.
48 
+* BTN-style magnet link support.
49 
+* Support for optional per-user stylesheet additions and tweaks
50 
+* This codebase expects to run over https only.

Write Preview
Loading…
Cancel
Save