[tahoe-dev] How to use Caja to solve the same-origin policy hazard (hosting both webapps and untrusted content in Tahoe)

Greg Troxel gdt at ir.bbn.com
Sat Jul 30 04:50:48 PDT 2011


In your worldview, are there multiple WUIs?   I can see the desire to
use tahoe as a backing store for a web server, but until there are
redundant WUIs and the client can select among them - I don't see the
point compared to just running apache with the content in tahoe.  And
when the client can fail over among them, isn't that almost like having
the client be a tahoe node?

What you propose seems sane but I am not very familiar with browser
security issues; I just know enough to avoid browsers when feasible.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
URL: <http://tahoe-lafs.org/pipermail/tahoe-dev/attachments/20110730/25b2da15/attachment.pgp>


More information about the tahoe-dev mailing list