[tahoe-dev] VolunteerGrid2 desperately needs a "safe gateway"
Brian Warner
warner at lothar.com
Mon Feb 7 22:05:34 PST 2011
On 2/7/11 7:18 PM, David-Sarah Hopwood wrote:
> On 2011-02-08 02:42, Scott Dial wrote:
>> However, your idea about a "safe web gateway" is something that I had a
>> desire for as well, for my own personal grid. In that case, I am only
>> consuming my own resources by making caps known to the internet at-large
>> -- no different than hosting files on a webserver. Toward that end, I
>> set up a proxy such that path "/" required authorization and "/uri" and
>> "/file" did not.
>>
>> Unless I am mistaken, that gives anonymous access to directories and
>> files on my grid without giving access to create or upload files or to
>> servers.
>
> The ability to PUT to paths starting with /uri gives upload authority.
Or POST.
Also, the ability to PUT/POST to paths starting with /uri/DIRCAP (where
DIRCAP is a writecap) allows for file upload. PUT
/uri/DIRCAP/newfile.txt is how you copy a new file into an existing
directory.
If you'd like to prevent uploads, configure the proxy to require
authorization for PUT/POST to anything below /uri and /file. The root
doesn't need it (all the upload forms on the welcome page target /uri),
nor does /status. GETs can only download, of course, so there's no need for
authorization there, unless you're protecting your upstream bandwidth
from people who know a filecap but whom you don't want downloading it from
your gateway.
I think /file is just for files (no directories), but I can't remember
if PUT to /file/MUTABLEFILEWRITECAP is a way to modify a mutable file,
so wrapping /file with PUT/POST authorization is probably a good idea.
Incidentally, I'm trying to figure out how consume-storage-authority
should be expressed in the webapi. We represent read-data or modify-file
authority with filescaps, and put them in the URL. Can you imagine using
the same thing for a secret which granted you (and not someone else) the
right to consume storage space? The URL format that comes to mind would
be e.g.:
PUT /store/$STORAGECAP/uri/$DIRCAP/$NEWFILENAME or
PUT /store/$STORAGECAP/uri (for an unlinked upload)
If you're just browsing, in read-only mode, you wouldn't include the
/store/$STORAGECAP prefix (and you wouldn't include it in a URL that you
share, unless you wanted to share both the right to modify a specific
file/dir *and* the right to consume space in your name).
How crazy does that sound?
cheers,
-Brian
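The proxy rule Brian describes, written out as a request filter (an added example, not code from the thread or from Tahoe-LAFS). It contrasts the original "authorize / but not /uri and /file" policy with the corrected one; assumptions: only the paths the thread names, and any method other than GET/HEAD under /uri or /file is treated as a modification that needs authorization.

```python
# Added example (not from the tahoe-dev thread): an authorization predicate
# a reverse proxy in front of a Tahoe-LAFS web gateway could apply.
# Assumption: only GET/HEAD are read-only; every other method that targets
# /uri or /file is treated as an upload/modification and must be authorized.
from urllib.parse import urlsplit

READ_ONLY_METHODS = {"GET", "HEAD"}
MUTATING_PREFIXES = ("/uri", "/file")


def _under(path: str, prefix: str) -> bool:
    """True if path is prefix itself or a descendant, on a segment boundary
    (so "/uri" and "/uri/DIRCAP/x" match, but "/uri-other" does not)."""
    return path == prefix or path.startswith(prefix + "/")


def original_policy_requires_auth(method: str, path: str) -> bool:
    """Scott's first setup: "/" needs authorization, /uri and /file do not.
    Everything below /uri or /file is anonymous, including PUT/POST uploads."""
    path = urlsplit(path).path          # drop ?t=upload and similar queries
    return not any(_under(path, p) for p in MUTATING_PREFIXES)


def safe_gateway_requires_auth(method: str, path: str) -> bool:
    """Corrected policy: reads stay anonymous; any non-read method that
    targets /uri or /file (e.g. PUT /uri/DIRCAP/newfile.txt) needs auth.
    The root and /status need nothing, as the thread notes."""
    path = urlsplit(path).path
    if method.upper() in READ_ONLY_METHODS:
        return False
    return any(_under(path, p) for p in MUTATING_PREFIXES)


if __name__ == "__main__":
    # Constructed sample requests; "URI:DIR2:EXAMPLE" is a placeholder cap.
    for method, path in [("PUT", "/uri/URI:DIR2:EXAMPLE/newfile.txt"),
                         ("POST", "/uri?t=upload"),
                         ("GET", "/uri/URI:DIR2:EXAMPLE/newfile.txt")]:
        print(method, path,
              "original:", original_policy_requires_auth(method, path),
              "safe:", safe_gateway_requires_auth(method, path))
```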