[tahoe-dev] XSRF attacks -- we need to do something about v0.5
zooko
zooko at zooko.com
Thu Aug 23 12:29:10 PDT 2007
Following-up to my own post:
On Aug 22, 2007, at 9:40 AM, zooko wrote:
> By the way, it occurred to me that if the tahoe client didn't
> automatically map for you from the string "private" to the uri of
> your private vdrive's top-level directory, then this attack would not
> be able to disclose your confidential data.
>
> So, for example, we *could* patch v0.5 by removing that mapping!
>
> I'm not actually suggesting that we do this. For one thing, it
> wouldn't prevent this attack from deleting your public data. For
> another thing, people really benefit from being able to use the word
> "private" instead of a large random URI to refer to their private
> data.
I was wrong about both of these. This change does prevent an
attacker from deleting your public data, and the other solution that
we were considering also made the URLs less human-friendly for
editing, remembering, cutting-and-pasting, etc.

So, as per ticket #98, we've gone ahead with the "just don't have a
'/vdrive/private/' feature" for v0.5.1.
Regards,
Zooko
tickets mentioned in this message:
http://allmydata.org/trac/tahoe/ticket/98