[tahoe-lafs-trac-stream] [tahoe-lafs] #1447: add read-only mode for gateways
tahoe-lafs
trac at tahoe-lafs.org
Fri Aug 26 18:19:11 PDT 2011
#1447: add read-only mode for gateways
--------------------------+------------------------------------------------
Reporter: zooko | Owner: zooko
Type: | Status: new
enhancement | Milestone: undecided
Priority: major | Version: 1.8.2
Component: code- | Keywords: readonly gateway security testgrid
frontend |
Resolution: |
Launchpad Bug: |
--------------------------+------------------------------------------------
Comment (by davidsarah):
Replying to [ticket:1447 zooko]:
> We had talked about making it so the gateway would offer read-only
service on one port and read-write service on a different port, but after
more reflection I would rather not do that for now. It would be easy for
users to misunderstand and think that Tahoe-LAFS was somehow going to
prevent unauthorized users from using the more privileged port, when in
fact the users would have to set up firewall rules and/or HTTP-level
proxies themselves to prevent unauthorized users from connecting to the
more privileged port. Also, I have never yet wanted a single gateway
process to serve both kinds of access, so this may be a case of YAGNI. In
any case, it will definitely be simpler to implement a gateway-wide read-
only policy.
That would be simpler to implement, yes. OTOH, the SFTP interface requires
a login and uses a secure connection, so it isn't subject to the objection
above about users having to authenticate access to the privileged port
externally to Tahoe. So, we might want to have a configuration option to
enable read/write SFTP while disabling other read/write access. But I
agree that doesn't need to be part of an initial implementation of this
ticket.
--
Ticket URL: <http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1447#comment:4>
tahoe-lafs <http://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list