[tahoe-dev] [tahoe-lafs] #127: Cap URLs leaked via HTTP Referer header
tahoe-lafs
trac at tahoe-lafs.org
Sat Dec 25 00:15:58 UTC 2010
#127: Cap URLs leaked via HTTP Referer header
-----------------------------------+----------------------------------------
Reporter: warner | Owner: davidsarah
Type: defect | Status: assigned
Priority: major | Milestone: 1.9.0
Component: code-frontend-web | Version: 0.7.0
Resolution: | Keywords: confidentiality integrity preservation capleak
Launchpad Bug: |
-----------------------------------+----------------------------------------
Comment (by warner):
Incidentally, someone told me the other day that any URLs sent through
various google products (Google Talk the IM system, Gmail, anything you
browse while the Google Toolbar is in your browser) gets spidered and
added to the public index. The person couldn't think of any conventions
(beyond robots.txt) to convince them to *not* follow those links, but they
could think of lots of things to encourage their spider even more.
I plan to do some tests of this (or just ask google's spider to tell me
about tests which somebody else has undoubtedly performed already).
I know, I know, it's one of those boiling the ocean things, it's really
unfortunate that so many tools are so hostile to the really-convenient
idea of secret URLs.
--
Ticket URL: <http://tahoe-lafs.org/trac/tahoe-lafs/ticket/127#comment:29>
tahoe-lafs <http://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-dev
mailing list