[tahoe-dev] [tahoe-lafs] #127: Cap URLs leaked via HTTP Referer header (was: smaller CSRF attack still possible)
tahoe-lafs
trac at allmydata.org
Tue Oct 27 23:25:20 PDT 2009
#127: Cap URLs leaked via HTTP Referer header
-------------------------------+--------------------------------------------
 Reporter:  warner             |          Owner:
     Type:  defect             |         Status:  new
 Priority:  major              |      Milestone:  undecided
Component:  code-frontend-web  |        Version:  0.7.0
 Keywords:  security           |  Launchpad_bug:
-------------------------------+--------------------------------------------
Changes (by davidsarah):
* keywords: => security
* priority: minor => major
Comment:
This attack isn't CSRF; changing the summary accordingly.
If you like this bug, you might also like #615 and #821 :-)
(#821 is about leaking the URL to scripts in the file itself, #615 is
about leaking it to other pages.)
--
Ticket URL: <http://allmydata.org/trac/tahoe/ticket/127#comment:12>
tahoe-lafs <http://allmydata.org>
secure decentralized file storage grid