[tahoe-dev] Tahoe and restricting uploads
Brian Warner
warner-tahoe at allmydata.com
Wed Oct 8 13:37:19 PDT 2008
Oh, yeah, zooko's point is an excellent one. If you restrict the user to
doing a GET, then they won't be able to cause any side-effects. All files are
uploaded using PUT or POST.
Of course, the introducer.furl that the webapi node is using is presented on
its welcome page, and once you have that, you can run your own node and
upload files directly. Again, the Accounting project is meant to address
this.
> The reason for needing authentication with this system is pretty obvious
> (allowing random people to put whatever they want onto the storage nodes
> would be a disaster waiting to happen). Using a web proxy (well in my case
> im just going to let my experimental SOS take care of the authentication
> and handle all of the request to/from the tahoe node) is probably the best
> route for me to go because of its relative ease of implementation (my
> research internship ends soon, and my project needs to be presented in 6
> weeks. So doing a modification to tahoe's source in this short of a time
> frame is most likely out of the question for now).
> I am wondering though if there has been any discussion on using OpenID as a
> means of authentication in Tahoe? I know that a while back there was some
> discussion about maybe adding OpenID into Twisted and im wondering if that
> idea has been kicked around the tahoe community at all.
Not really.. as a bunch of capabilities fans, we're more about authorization
than authentication. OpenID may be a good way to find out who you *are*
(although I know a couple of folks who disagree), but that's an entirely
different question than *what* you should be allowed to do.
The Tahoe technique is about reifying an access capability into a short
unguessable string, frequently involving cryptographic techniques. If you
know the string, you get to push the button (for whichever button we're
talking about: download a specific file, modify a specific directory, etc).
If you don't, you can't.
So the way in which OpenID might be applied would be to say that there's some
server out there, and if you can convince it (by means of some OpenID
process) that you are "Bob", then it will be willing to give you Bob's root
directory cap, from which you can then get at all of Bob's files and
directories. But, of course, that means that this server is *also* able to
get at all of Bob's files and directories. I generally prefer a solution that
doesn't require us to give the server this ability, which would be to just
have Bob keep a bookmark with his rootcap in it, and forgo the "identity
server" altogether.
With respect to the upload authority, the Accounting plan is to include this
in the URL that gets bookmarked, as a query argument.
cheers,
-Brian
More information about the tahoe-dev
mailing list