[tahoe-dev] [tahoe-lafs] #674: controlled access to your WUI

tahoe-lafs trac at allmydata.org
Sat Jul 11 04:23:13 PDT 2009


#674: controlled access to your WUI
-------------------------+--------------------------------------------------
 Reporter:  zooko        |           Owner:  nobody   
     Type:  enhancement  |          Status:  new      
 Priority:  major        |       Milestone:  undecided
Component:  unknown      |         Version:  1.3.0    
 Keywords:               |   Launchpad_bug:           
-------------------------+--------------------------------------------------

Comment(by warner):

 good point. I suppose that means making the $WUI_SECRET pages come from a
 completely different origin, by using a separate port number or something.
 We'd still need $WUI_SECRET, of course.

 We'll have to have a rule that says we never emit unescaped external
 content on any page served below $WUI_SECRET . That means not using this
 namespace for delivering files or directories, and it also means being
 careful about escaping node nicknames and log messages and anything else
 that we might want to serve from that space.

-- 
Ticket URL: <http://allmydata.org/trac/tahoe/ticket/674#comment:3>
tahoe-lafs <http://allmydata.org>
secure decentralized file storage grid


More information about the tahoe-dev mailing list