[tahoe-dev] [tahoe-lafs] #674: controlled access to your WUI
tahoe-lafs
trac at allmydata.org
Sat Jul 11 04:23:13 PDT 2009
#674: controlled access to your WUI
-------------------------+--------------------------------------------------
Reporter: zooko | Owner: nobody
Type: enhancement | Status: new
Priority: major | Milestone: undecided
Component: unknown | Version: 1.3.0
Keywords: | Launchpad_bug:
-------------------------+--------------------------------------------------
Comment(by warner):
good point. I suppose that means making the $WUI_SECRET pages come from a
completely different origin, by using a separate port number or something.
We'd still need $WUI_SECRET, of course.
We'll have to have a rule that says we never emit unescaped external
content on any page served below $WUI_SECRET . That means not using this
namespace for delivering files or directories, and it also means being
careful about escaping node nicknames and log messages and anything else
that we might want to serve from that space.
--
Ticket URL: <http://allmydata.org/trac/tahoe/ticket/674#comment:3>
tahoe-lafs <http://allmydata.org>
secure decentralized file storage grid
More information about the tahoe-dev
mailing list