[tahoe-dev] Giving away the farm (was Re: Google Summer of Code 2010 -- Ideas Needed!)
James A. Donald
jamesd at echeque.com
Sat Mar 13 20:53:24 PST 2010
Jeremy Fitzhardinge wrote:
> On 03/12/2010 04:12 PM, Toby Murray wrote:
>
>> http://testgrid.allmydata.org:3567/uri/URI:DIR2:u64egztouchecgmlssxx3nk3o4:skv6utnyk4o5y3ea4qaznxflne6mvf4rrrmddjnbkcmdpvadqgya/
>>
>>
>
> An aside, this URL represents a (presumed) error I've been desperately
> afraid of making myself because it seems so easy to do. This is a
> *writable* directory cap, so Toby has given away the farm on this
> directory, and we have no idea whether the explorer.zip referred to is
> the one he intended.
>
> Tahoe's WUI makes it really easy to make this mistake because the
> writable cap is clearly the one that the file owner is going to be using
> - but (special occasions excepted) you're always going to want to give
> away the RO variant.
>
> I have no idea how to address this. The problem is fundamental to a
> capability system, so the question is: how to mitigate it?
>
UI problem. Needs a capability manager with a UI for storing and
managing capabilities that looks like a bookmark manager, and somewhat
like a file manager, but that knows what capabilities are. It never
ordinarily shows you the globally unique identifier, and when you drag
and drop, or cut and paste, a capability from the capability manager to
the outside, defaults to the least capable capability - typically read only.
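
Added example, not part of the original message and not Tahoe-LAFS code: a sketch of the "least capable by default" rule applied at the point where text leaves a capability manager. The names `classify` and `guard_outbound`, the table of cap types, and the sample cap strings are assumptions made for illustration; the sketch withholds write caps rather than deriving their read-only form.

```python
import re
from urllib.parse import unquote

# Cap type prefixes and whether they carry write authority.
# Assumption: only these Tahoe-LAFS types are classified; any other type is
# reported as "unknown" and withheld, so the guard fails closed.
WRITE_AUTHORITY = {
    "DIR2": True, "SSK": True,
    "DIR2-RO": False, "SSK-RO": False,
    "CHK": False, "LIT": False,
}
CAP_RE = re.compile(r"URI:([A-Z0-9]+(?:-[A-Za-z]+)*):[a-z0-9]+(?::[a-z0-9]+)*")


def classify(cap_type):
    """Map a cap type such as 'DIR2-RO' to 'write', 'read-only' or 'unknown'."""
    if cap_type not in WRITE_AUTHORITY:
        return "unknown"
    return "write" if WRITE_AUTHORITY[cap_type] else "read-only"


def guard_outbound(text):
    """Return (safe_text, findings) for text about to leave the cap manager.

    Write caps and unknown cap types are replaced with a marker; read-only
    caps pass through. Percent-escapes are decoded first so that caps
    embedded in URLs (colons written as %3A) are also caught.
    """
    findings = []

    def replace(match):
        kind = classify(match.group(1))
        findings.append((match.group(1), kind))
        if kind == "read-only":
            return match.group(0)
        return "[%s cap withheld: %s]" % (kind, match.group(1))

    return CAP_RE.sub(replace, unquote(text)), findings


# Constructed sample input; the cap strings are made up, not real caps.
SAMPLE = (
    "see http://127.0.0.1:3456/uri/URI%3ADIR2%3Aaaaa2222bbbb3333:cccc4444dddd5555/ "
    "or the read-only URI:DIR2-RO:eeee6666ffff7777:gggg2222hhhh3333"
)

if __name__ == "__main__":
    print(*guard_outbound(SAMPLE), sep="\n")
```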