[tahoe-dev] web "control panel"
Chris Palmer
chris at noncombatant.org
Tue Jan 25 19:40:15 UTC 2011
Brian Warner writes:
> But "safe" != "public". Part of the control panel may (side-effect-freely)
> show information that's supposed to be private to the node operator, like
> comments they've entered about other servers, or their remaining $ balance
> with a commercial server operator. It sounds like the usual framework's
> reliance upon ambient cookies leaves this uncovered, or assumes that
> Same-Origin-Policy protects them because the usual ways to avoid it don't
> make it easy to get data back out. Hrm.
I don't know what you mean. Safeness, idempotence, and publicness are
orthogonal.
> > <a onclick="deleteAccount()">Delete Account</a>
>
> Hrm, so mandatory JS. I'll think about it.
I found another option:
<style>
.foo {
text-decoration: underline;
text-color: blue;
border: 0px solid;
color: blue;
background-color: white;
font-size: 100%;
}
</style>
<form method=POST>
<input type="hidden" name="goat" value="yes" />
<input class="foo" type="submit" name="noodle" value="noodle" />
</form>
--
http://noncombatant.org/
More information about the tahoe-dev
mailing list