[tahoe-dev] webapi is vulnerable to XSRF attacks. (Defect #98)
Nathan
nejucomo at gmail.com
Fri Aug 10 14:13:07 PDT 2007
I've added a ticket discussing how the webapi is vulnerable to XSRF attacks:
http://allmydata.org/trac/tahoe/ticket/98
Because this is a little-known prototype, I categorized it as minor.
However, if we plan on Tahoe becoming popular, I believe it should be
addressed. The sooner, the better because of backwards compatibility
issues.
I believe this should be fairly easy to fix technically but would
require altering the webapi and web user interface.
The largest interface change for the solution I imagine is to prevent
URLs from initiating actions unless they include a session-specific
unguessable nonce. This means users can't cut'n'paste URLs to/from
each other to share data. A workaround is to allow them to paste in a
constrained input form provided by the web UI, but even this needs to
be carefully thought out.
I'd like to implement a solution if we agree on the UI changes.
Regards,
Nathan
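
The session-bound nonce check proposed in the message above, sketched as an added example (not part of the original post and not Tahoe's code). The NonceGuard class, the "nonce" parameter name and the /example/delete path are all hypothetical.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit


class NonceGuard:
    """Hypothetical helper: ties action URLs to one browser session."""

    def __init__(self):
        self._nonces = {}  # session id -> unguessable per-session nonce

    def new_session(self):
        sid = secrets.token_urlsafe(16)
        self._nonces[sid] = secrets.token_urlsafe(32)
        return sid

    def action_url(self, sid, path, **params):
        """Build the URL the web UI would embed in its own forms and links."""
        params["nonce"] = self._nonces[sid]
        return f"{path}?{urlencode(params)}"

    def allow(self, sid, url):
        """Return True only if the URL carries the nonce of session `sid`."""
        expected = self._nonces.get(sid)
        if expected is None:
            return False
        supplied = parse_qs(urlsplit(url).query).get("nonce", [""])[0]
        # Constant-time comparison so the check does not leak nonce prefixes.
        return hmac.compare_digest(expected.encode(), supplied.encode())


def demo():
    """Constructed scenario: Alice's action URL replayed in other contexts."""
    guard = NonceGuard()
    alice, bob = guard.new_session(), guard.new_session()
    url = guard.action_url(alice, "/example/delete", name="notes.txt")
    return {
        "own_session": guard.allow(alice, url),
        # A URL pasted to another user no longer triggers the action,
        # which is the usability cost the message describes.
        "pasted_to_bob": guard.allow(bob, url),
        # A cross-site request can name the path but cannot guess the nonce.
        "forged_no_nonce": guard.allow(alice, "/example/delete?name=notes.txt"),
    }


if __name__ == "__main__":
    print(demo())
```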