[tahoe-dev] remove the localfile feature from web API?
zooko
zooko at zooko.com
Thu Aug 9 13:26:13 PDT 2007
On Aug 9, 2007, at 1:32 PM, Brian Warner wrote:
>
> I've got mixed feelings on this one. Sooner or later we're going to
> build a local web ui around this thing,
...
> But if it works, and has tests, and is documented, and isn't
> particularly confusing to the user or the developer, and we know we'll
> need something like it in the future, why remove it?
...
> So, my thoughts are that localfile= should be left in place, and
> the CLI
> client should use PUT and GET exclusively.
Brian:
Thanks for the thoughtful response!
My motivation for suggesting to remove it was:
1. That it makes webapi.txt [1] a tad harder to pick up by increasing
the number of file actions from six to eight, and by introducing some
questions about security and when-to-use-it.
2. I'm not sure that the "request originates at 127.0.0.1" is
sufficient to prevent someone from exploiting this. What about multi-
user machines? What about web proxies? What about phishing? At
this point I would rather turn it off by default than spend time
trying to think of ways that it could be safe or unsafe...
I agree with you that the code works and is tested and the it or
something very close to it will soon be needed, so I agree with you
on your two suggestions of leaving the code in place and not-using it
in the CLI. In addition, I was thinking of something like: disable
localfile entirely by default (to satisfy concern #2), and omit it
from the first release of webapi.txt (to satisfy concern #1). How
does that sound?
Regards,
Zooko
[1] http://allmydata.org/trac/tahoe/browser/docs/webapi.txt
More information about the tahoe-dev
mailing list