[tahoe-dev] Capability of a file could be changed in deep-copy??

[Shawn Willden]

On Sun, Jan 16, 2011 at 9:30 PM, Mahmoud Ismail <
mahmoudahmedismail at gmail.com> wrote:
>
> now bob has access to the image folder which means that bob has access to
> mypic.jpg, mypic2.jpg,... caps.
>
> after awhile Alice decided to dump Bob away, so as stated in the dirnode
> document
> she have to copy (deep-copy) the shared folder to another location for
> example "image2".
>

And she has to delete the entries in the "image" directory.

does deep-copy change the caps of the files mypic.jpg, mypic2.jpg??
>

No, it doesn't.


> if it doesn't so Alice have to remove the image folder to prevent Bob from
> accessing these images ??
>

Removing the image folder doesn't help, either, because even without the
directory node, Bob could have saved the caps of the files themselves.  The
only way for Alice to make them inaccessible to Bob is to wait until
expiration removes the shares of the images -- which assumes that she
doesn't have them referenced from some other directory which she's
periodically renewing leases on, and assumes that the storage servers have
expiration turned on.

However, in the same way that Bob could have saved copies of the file caps,
he could also have saved copies of the files themselves.  In general, it's
really not possible to remove access to data.  You can refuse to give access
to new data, but one someone has had access to a given piece of information,
you have to assume that if they want it, they have it forever because they
could have copied. it.

-- 
Shawn
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://tahoe-lafs.org/pipermail/tahoe-dev/attachments/20110116/40c96b96/attachment.html>