Project Creator
Arjun Vasu (arjunvasu.com)
Master of Science in Computer Science, Clark University
Project Mission
The main goal of this project is to explore cybersecurity concepts through a community cloud storage platform. It is an educational project designed to demonstrate, and learn from, the security controls commonly implemented in web applications.
Security Features Implemented
- 🔐 Authentication & Session Management: Admin authentication with HttpOnly, Secure, and SameSite cookie policies. 24-hour session expiration for automatic logout.
- 🛡️ Rate Limiting: 100 requests/minute for general API calls, 20 requests/minute for uploads. Protects against brute force and DoS attacks.
- 📁 File Type Restrictions: Whitelist of 24 safe MIME types allowed. Blacklist of 23 dangerous executable extensions (exe, bat, cmd, js, etc.) blocked.
- 📏 Upload Size Limits: 5 MB maximum per file for public users. 1 GB total storage limit per session to prevent abuse.
- 🔍 Input Validation & Sanitization: Null byte filtering, path traversal protection (blocks ../ and ..\), filename sanitization with a safe-character whitelist, and a 255-character length limit.
- 🌐 Security Headers: X-Content-Type-Options: nosniff, X-Frame-Options: DENY, X-XSS-Protection, Strict-Transport-Security (HSTS), Content-Security-Policy, and Referrer-Policy headers on all responses.
- 🔒 HTTPS Enforcement: HSTS header with a 1-year max-age ensures all connections use encrypted HTTPS.
- 🚫 Clickjacking Protection: X-Frame-Options: DENY prevents the site from being embedded in iframes, protecting against clickjacking attacks.
- ⚡ XSS Prevention: Content-Security-Policy restricts script sources. Frontend HTML escaping prevents injection. X-XSS-Protection serves as a fallback for older browsers.
- 📝 MIME Type Validation: Server-side validation blocks executable MIME types such as application/x-msdownload. X-Content-Type-Options prevents MIME sniffing attacks.
- 📍 IP Tracking & Logging: Client IP addresses are logged with uploads for accountability. Supports the CF-Connecting-IP, X-Forwarded-For, and X-Real-IP headers.
- 🗂️ Path Traversal Protection: All file paths are validated to prevent directory traversal attacks, blocking attempts to access files outside the designated storage.
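As an added illustration of the filename, extension, MIME and storage-path checks listed above (example code written for this page, not the project's own implementation; the MIME and extension sets below are constructed subsets standing in for the project's 24 and 23 entries, and the storage root is a placeholder):

```python
from __future__ import annotations
import os
import re

# Constructed subsets for this example; the project's full lists are not reproduced.
ALLOWED_MIME_TYPES = {"image/png", "image/jpeg", "application/pdf", "text/plain"}
BLOCKED_EXTENSIONS = {"exe", "bat", "cmd", "js"}
MAX_FILENAME_LEN = 255
UNSAFE_CHARS = re.compile(r"[^A-Za-z0-9._-]")  # whitelist: anything else becomes "_"


class UploadRejected(ValueError):
    """Raised when an upload fails one of the checks below."""


def sanitize_filename(name: str) -> str:
    """Null-byte filter, traversal check, character whitelist, length limit."""
    if "\x00" in name:
        raise UploadRejected("null byte in filename")
    if "../" in name or "..\\" in name:
        raise UploadRejected("path traversal sequence in filename")
    # Keep only the last path component so "dir/file" cannot select a directory.
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    base = UNSAFE_CHARS.sub("_", base).strip("._")  # no hidden files or bare dots
    if not base:
        raise UploadRejected("filename empty after sanitization")
    if len(base) > MAX_FILENAME_LEN:  # this example rejects rather than truncates
        raise UploadRejected("filename longer than 255 characters")
    return base


def validate_upload(name: str, mime: str) -> tuple[bool, str]:
    """Return (True, safe_name) or (False, reason) for a proposed upload."""
    try:
        safe = sanitize_filename(name)
        ext = safe.rsplit(".", 1)[-1].lower() if "." in safe else ""
        if ext in BLOCKED_EXTENSIONS:  # last extension wins: "x.pdf.exe" is blocked
            raise UploadRejected(f"blocked extension .{ext}")
        if mime not in ALLOWED_MIME_TYPES:
            raise UploadRejected(f"MIME type {mime} not in whitelist")
    except UploadRejected as exc:
        return False, str(exc)
    return True, safe


def resolve_within(storage_root: str, filename: str) -> str | None:
    """Absolute path under storage_root, or None if the path escapes the root."""
    root = os.path.realpath(storage_root)
    target = os.path.realpath(os.path.join(root, filename))
    return target if os.path.commonpath([root, target]) == root else None
```

The final path check is kept separate from the string sanitization so that a file is only written after the resolved path has been confirmed to sit under the storage root.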
Disclaimer
This is a community file sharing platform for educational purposes. Files uploaded here are NOT private and can be accessed by others. Do not upload sensitive information, passwords, API keys, or confidential data.