[tahoe-dev] [tahoe-lafs] #674: controlled access to your WUI
tahoe-lafs
trac at allmydata.org
Mon Apr 27 21:06:57 PDT 2009
#674: controlled access to your WUI
-------------------------+--------------------------------------------------
Reporter: zooko | Owner: nobody
Type: enhancement | Status: new
Priority: major | Milestone: undecided
Component: unknown | Version: 1.3.0
Keywords: | Launchpad_bug:
-------------------------+--------------------------------------------------
Comment(by nejucomo):
A nitpick on which threat scenario this prevents:

This prevents CSRF attacks which maliciously embed an easily guessable
action-causing request into a context for the victim to consume.

Whether or not JavaScript is used is irrelevant. In particular,
preventing CSRF attacks will not protect against malicious JavaScript
which has the wapi as its origin.

It *would* protect against CSRF attacks launched via JavaScript, as well
as any other CSRF attacks from a _different_ origin.

Additionally, the implementation should consider non-JavaScript CSRF
attacks from *the same origin*. For example, a request format of
"http://$HOST:$PORT/$WUI_SECRET/uri/$FILE_READ_CAP" would *not* protect
against relative URLs from the $HOST:$PORT origin (such as a malicious
HTML page within a Tahoe grid).

For this reason, it seems like file/directory retrieval URLs should not
contain the $WUI_SECRET in their URL. Their own cap already provides
protection against forgery, and this prevents the relative path, same
origin, CSRF.
--
Ticket URL: <http://allmydata.org/trac/tahoe/ticket/674#comment:1>
tahoe-lafs <http://allmydata.org>
secure decentralized file storage grid
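
The relative-URL point in the comment above, as an added example that is not part of the original message or of Tahoe-LAFS itself: it resolves relative references the way a browser would against the two retrieval URL layouts discussed and reports which resolved targets carry the secret path segment. The host, port, secret, cap and the `some-action` path are constructed placeholders, not real Tahoe values or endpoints.

```javascript
// Added example; every value below is a constructed placeholder.
const ORIGIN = "http://127.0.0.1:3456";
const WUI_SECRET = "EXAMPLE-WUI-SECRET";
const FILE_READ_CAP = "URI:CHK:example-read-cap";
const cap = encodeURIComponent(FILE_READ_CAP);

// The two layouts for a file retrieval URL discussed in the comment.
const layouts = {
  // Secret is a path prefix of the retrieval URL (the quoted request format).
  secretPrefixed: `${ORIGIN}/${WUI_SECRET}/uri/${cap}`,
  // Retrieval URL carries only the cap (the comment's suggestion).
  capOnly: `${ORIGIN}/uri/${cap}`,
};

// Relative references that an HTML page stored in the grid could contain
// without its author knowing the secret. "some-action" is hypothetical.
const RELATIVE_REFS = [
  "sibling",
  "../some-action",
  "../../some-action",
  "/some-action",
];

// Resolve each reference against the page URL, as the browser does.
function resolveAll(pageUrl) {
  return RELATIVE_REFS.map((ref) => new URL(ref, pageUrl).href);
}

// Resolved targets whose path still contains the secret segment: these are
// requests the page can cause under the secret without ever having known it.
function secretBearingTargets(pageUrl) {
  return resolveAll(pageUrl).filter((target) =>
    new URL(target).pathname.split("/").includes(WUI_SECRET)
  );
}

for (const [name, pageUrl] of Object.entries(layouts)) {
  console.log(name, secretBearingTargets(pageUrl));
}
```

With the cap-only layout no relative reference can reach a path under the secret, which is the property the comment argues for.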