[tahoe-dev] Authority to DoS via WAPI
zooko
zooko at zooko.com
Wed Jan 14 13:01:44 PST 2009
Greetings, Toby Murray!
Welcome!
Thanks for the kind words.
> It seems strange to require an unguessable (F)URL to join the grid
> but not one to consume space on it.
You're right. We have detailed plans to implement fine-grained,
decentralized, efficient, delegatable, auditable control of the usage
of space. I think Brian intends to start on implementing it as soon
as Tahoe-1.3.0 is released.
But in the meantime, it sure would make sense to have a way to give
people read-only access to a grid as a whole.
One hack would be to use the fact that HTTP GETs can't be used to
cause side-effects on Tahoe. If you give someone access to a web
proxy which passes GETs through but rejects PUTs, POSTs, and DELETEs,
then they'll have read-only access to the whole grid.
Perhaps something like that should be included in Tahoe itself -- I'm
not sure. Patches, documentation, etc. welcome!
Regards,
Zooko
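
Added example, not part of the original message or of Tahoe itself: a filtering proxy of the kind the message describes, which relays GET requests to a Tahoe web gateway and answers PUT, POST and DELETE with 405 without ever contacting the gateway. The upstream address http://127.0.0.1:3456, the listening port 8080 and the name make_readonly_proxy are assumptions made for this example.

```python
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Assumption: the Tahoe node's web gateway listens here; adjust to your node.
UPSTREAM = "http://127.0.0.1:3456"
# Ignore proxy environment variables so requests go straight to the gateway.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def make_readonly_proxy(upstream=UPSTREAM, listen=("127.0.0.1", 0)):
    """Build a server that relays GETs to `upstream` and refuses writes."""

    class ReadOnlyHandler(BaseHTTPRequestHandler):
        def do_GET(self):
            if not self.path.startswith("/"):  # no absolute-form targets
                self.send_error(400, "origin-form path required")
                return
            try:
                # Path and query are relayed unchanged; the capability is in them.
                with _opener.open(upstream + self.path, timeout=30) as resp:
                    status, headers, body = resp.status, resp.headers, resp.read()
            except urllib.error.HTTPError as err:  # relay upstream 4xx/5xx as-is
                status, headers, body = err.code, err.headers, err.read()
            except OSError:
                self.send_error(502, "gateway unreachable")
                return
            self.send_response(status)
            self.send_header("Content-Type",
                             headers.get("Content-Type", "application/octet-stream"))
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def refuse(self):
            # Never contacts the gateway. Methods with no handler at all
            # (HEAD, OPTIONS, ...) get http.server's default 501.
            self.send_response(405)
            self.send_header("Allow", "GET")
            self.send_header("Content-Length", "0")
            self.end_headers()

        do_PUT = do_POST = do_DELETE = refuse

    return ThreadingHTTPServer(listen, ReadOnlyHandler)


if __name__ == "__main__":
    server = make_readonly_proxy(listen=("127.0.0.1", 8080))  # constructed port
    server.serve_forever()
```

The proxy is only a read-only boundary if clients cannot reach the gateway's own port directly, so the gateway should stay bound to localhost or be firewalled off.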