Future plans
============

Here are a list of welcome changes to [Coquelicot]:

 * Handle sub-directory installations

   A new setting could be added to support admins which would like to
   make Coquelicot available from a sub-directory, e.g.
   `https://example.org/dl/`.

 * More flexible expiration

   It might be interesting to also offer a calendar for specifying
   an exact date after which the file will be unavailable.

 * Hide file size (padding)

   There is currently a real close mapping from original file size to
   stored file size. Original file size will also be recorded in server
   logs. Padding could be used to improve this situation.

 * Investigate more secure encryption algorithm

   Coquelicot currently uses AES-256-CBC. [AES is getting weaker] and
   [CBC mode is subject to Padding Oracle attacks].

 * Make a usable Gem

   Most Ruby stuff is installed using Gem, so Coquelicot should also be
   installable that way. What is mostly missing is an easy way to create
   a default configuration and directories to hold uploaded files and
   temp. data.

 * Package for Debian

   A Debian package would be nice to spread Coquelicot setups.

[Coquelicot]: https://coquelicot.potager.org/
[AES is getting weaker]: https://www.schneier.com/blog/archives/2009/07/another_new_aes.html
[CBC mode is subject to Padding Oracle attacks]: http://www.limited-entropy.com/padding-oracle-attacks
