Send in your ideas. Deadline June 1, 2026

FileSender

Server application to send files of arbitrary size

This page contains a concise overview of projects funded by NLnet foundation that belong to FileSender (see the thematic index). There is more information available on each of the projects listed on this page - all you need to do is click on the title or the link at the bottom of the section on each project to read more.

FileSender — FileSender Crypto Improvements

FileSender is a secure and private way to share very large files with end-to-end encryption. It can be self-hosted or offered as service. After a security assessment by OpenFortress, it became clear that FileSender should move from AES-CBC to AEC-GCM mode cryptography. The random password generator should also produce a random fixed length key tuned to provide the entropy that the AES algorithm can take advantage of. The CI test suite is extended to test that the data encrypted using an older key mode can be decoded by the current FileSender release to ensure updates and migrations do not cause issues.

>> Read more about FileSender

FileSender Multistage — Improve FileSender scalability

FileSender is an open source web application for sending files of any size, quickly and securely. The sender has full control over who receives and can access the files and for which period of time – as it should be. It is important to FileSender users (especially first time users) that the flow for submitting files and downloading them is smooth. There is no one user experience that covers all use cases, and moreover people might be used to proprietary services that can offer a simple experience - courtesy of them not being federated or interoperable across instances. That means a need for supporting diversity in several dimensions. In this project will swap out the bespoke legacy CSS behind FileSender and switch to a widely used framework, which makes customisation easier for the developers. Another focus is on performance tuning: FileSender needs to run maintenance free and handle tens of thousands of users on a single install without problems. This project will deliver several improvements to FileSender to improve overall performance, stability and security.

>> Read more about FileSender Multistage

FileSender UX ZIP — Encrypted multi-file streaming

FileSender is an open source web application for sending files of any size, quickly and securely. The sender has full control over who receives and can access the files and for which period of time – as it should be. This project aims to create a major update to the user interface of FileSender: the software offers End-to-End encryption for sending one or more files in a transfer. Because encryption is done in the browser the server can not offer an archive containing all of the files for an entire transfer. Decryption must happen in the browser and so any archive containing the decrypted files must be created in the browser. This build on the recent streaming decryption support to allow zip64 files to be created containing selected files from an encrypted transfer. The content will be decrypted in the browser prior to being streamed to the zip64 archive. There will be additional effort to improve overall performance, stability and security.

>> Read more about FileSender UX ZIP

FileSender IDOR and Rate Limiting — Security improvements to FileSender

FileSender is an open source web application for sending files of any size, quickly and securely. The sender has full control over who receives and can access the files and for which period of time – as it should be. This project is to address a number of issues discovered during a security audit. These issues include possible insecure direct object references during a guest file upload, missing rate limiting for some email notifications which could allow abuse, a modification to a cookie for better security against internal attacks, and dependency updates.

>> Read more about FileSender IDOR and Rate Limiting

FileSender UX/UI — UX/UI overhaul of FileSender

Privacy and data security have become top priority to organisations and individuals alike. Secure, trustworthy and transparent services for sharing files are difficult to find, however. With most available services on the market, users don’t really know what happens with their confidential files, nor whether or not their files are deleted by the service once the files have been successfully transferred from A to B. This lack of technical transparency not only poses a risk to data security and privacy, but also creates serious impediments to compliance and control.

FileSender is a libre filesharing server designed with privacy and data security in mind, and capable of exchanging extremely large files - in fact, the key limit is the capacity of the equipment and the capacity of the network connection rather the software. FileSender is free and open source technology, which allows users and developers to maintain and enhance it to cater for new use cases. It is easy to customise the look and feel, so organisations and service providers can easily integrate it into their offering to users and customers. FileSender allows to encrypt files in transit and offers full control to users – as it should be when it comes to sensitive data. In this project, the entire user interface and user experience (UX/UI) are overhauled, from the user front end and the administrative interface to the emails that are sent out.

>> Read more about FileSender UX/UI

FileSender — Security improvements for FileSender

FileSender is a web based application that allows authenticated users to securely and easily send arbitrarily large files to other users. Authentication of users is provided through SimpleSAMLphp, supporting SAML2, LDAP and RADIUS and more. Users without an account can be sent an upload voucher by an authenticated user. FileSender is developed to the requirements of the higher education and research community. The purpose of the software is to send a large file to someone, have that file available for download for a certain number of downloads and/or a certain amount of time, and after that automatically delete the file. The software is not intended as a permanent file publishing platform. This project will tackle a number of security improvements identified through a Security Assessment performed by Computest.

>> Read more about FileSender

FileSender secure passwords

FileSender is a secure and private way to share very large files with end-to-end encryption. It can be self-hosted or offered as service. This project addresses password security in a number of manners: key generation optimization, offering a PBKDF2 user interface and password improvements - some browsers like Microsoft Edge and Internet Explorer do not support PBKDF2 for generating a cryptographic key from a user supplied password. This requires an alternative solution for those browsers.

>> Read more about FileSender secure passwords

FileSender — Improve streaming downloads and encryption

FileSender is an open source web application for sending files of any size, quickly and securely. The sender has full control over who receives and can access the files and for which period of time – as it should be. FileSender is developed to the requirements of the higher education and research community. This project addresses a variety of issues including rate limiting on e-mail functionality, testing for sensitive information stored in URLs, testing for missing authentication or authorization, testing for identifier-based authorization and streaming download and decrypt of encrypted content on modern browsers.

>> Read more about FileSender

Search

Navigate projects

By theme

Want to help?
Help us by protecting open source and its users with 5 minutes of your time.