[tahoe-dev] [tahoe-lafs] #957: embed security metadata in URL

tahoe-lafs trac at allmydata.org
Mon Feb 15 21:47:07 PST 2010


#957: embed security metadata in URL
---------------------------------------+------------------------------------
 Reporter:  zooko                      |           Owner:  somebody 
     Type:  defect                     |          Status:  new      
 Priority:  major                      |       Milestone:  undecided
Component:  code                       |         Version:  1.6.0    
 Keywords:  newcaps newurls integrity  |   Launchpad_bug:           
---------------------------------------+------------------------------------

Comment(by zooko):

 I think you are right that there is no point in including "moved
 permanently" in a URL, since you instead just give them the new URL!
 (Well, there could be a point, which is to inform them that this new URL
 ought to ''replace'' that old one in their database.)

 But there's surely a point to petrified -- because if you had a mutable
 file, and then you petrified it, and then you give the URL to someone, you
 don't want some sort of rollback attack letting them see an unpetrified
 file!

-- 
Ticket URL: <http://allmydata.org/trac/tahoe/ticket/957#comment:4>
tahoe-lafs <http://allmydata.org>
secure decentralized file storage grid


More information about the tahoe-dev mailing list