[tahoe-dev] [tahoe-lafs] #615: Can JavaScript loaded from Tahoe access all your content which is loaded from Tahoe?
tahoe-lafs
trac at allmydata.org
Tue Oct 27 23:32:32 PDT 2009
#615: Can JavaScript loaded from Tahoe access all your content which is loaded
from Tahoe?
---------------------------+------------------------------------------------
Reporter: zooko | Type: defect
Status: new | Priority: critical
Milestone: undecided | Component: code-frontend-web
Version: 1.3.0 | Keywords: newcaps security
Launchpad_bug: |
---------------------------+------------------------------------------------
Changes (by davidsarah):
* keywords: => newcaps security
* priority: major => critical
Comment:
#821 (now reopened) describes a less serious security problem that would
still be present even if every page had a distinct origin. Note that the
fix suggested for that bug will only work if this one is also fixed, i.e.
#821 is dependent on this bug.
#127 seems to be almost exclusively about Referer header cap leakage, and
I've changed its summary to reflect that.
--
Ticket URL: <http://allmydata.org/trac/tahoe/ticket/615#comment:5>
tahoe-lafs <http://allmydata.org>
secure decentralized file storage grid
More information about the tahoe-dev
mailing list