[tahoe-lafs-trac-stream] [tahoe-lafs] #674: controlled access to your WUI

tahoe-lafs trac at tahoe-lafs.org
Mon Jul 25 15:31:53 PDT 2011


#674: controlled access to your WUI
-----------------------------------+---------------------------------------------------------
     Reporter:  zooko              |      Owner:  nobody
         Type:  enhancement        |     Status:  new
     Priority:  major              |  Milestone:  undecided
    Component:  code-frontend-web  |    Version:  1.3.0
   Resolution:                     |   Keywords:  wui confidentiality privacy anti-censorship
Launchpad Bug:                     |
-----------------------------------+---------------------------------------------------------
Description changed by zooko:

Old description:

> Currently the Welcome Page of the WUI is reachable without knowing any
> secret, for example, this one: http://testgrid.allmydata.org:3567 .   (If
> you configure your WUI to listen for connections only from localhost then
> that prevents people from connecting to it from other hosts, but it
> doesn't prevent CSRF attacks in which someone posts a web page to Tahoe,
> and when you view that page with JavaScript enabled, or click on a button
> on that page, then it accesses your WUI.)
>
> It would be good to have a page which is access-controlled by use of a
> secret capability even though it isn't specific to a file or directory.
> The entire Welcome Page might belong on that Access Controlled Welcome
> Page, or maybe only the sensitive pieces would go onto the Access
> Controlled Welcome Page.
>
> As an example (this might or might not be a good idea), the Access
> Controlled Welcome Page could have a log of the caps of all of your
> recent uploads/downloads.

New description:

 Currently the Welcome Page of the WUI is reachable without knowing any
 secret, for example, this one: http://testgrid.allmydata.org:3567 .   (If
 you configure your WUI to listen for connections only from localhost then
 that prevents people from connecting to it from other hosts, but it
 doesn't prevent CSRF attacks in which someone posts a web page to Tahoe,
 and when you view that page with !JavaScript enabled, or click on a button
 on that page, then it accesses your WUI.)

 It would be good to have a page which is access-controlled by use of a
 secret capability even though it isn't specific to a file or directory.
 The entire Welcome Page might belong on that Access Controlled Welcome
 Page, or maybe only the sensitive pieces would go onto the Access
 Controlled Welcome Page.

 As an example (this might or might not be a good idea), the Access
 Controlled Welcome Page could have a log of the caps of all of your recent
 uploads/downloads.

-- 
Ticket URL: <http://tahoe-lafs.org/trac/tahoe-lafs/ticket/674#comment:7>
tahoe-lafs <http://tahoe-lafs.org>
secure decentralized storage
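
The capability-guarded welcome page proposed in the ticket, sketched as an added example (not Tahoe-LAFS code and not part of the original message). The `/welcome/` prefix, all function names, port 8674 and the sample cap string are assumptions made for illustration.

```python
import hmac
import secrets

# Hypothetical names throughout; none of this is the Tahoe-LAFS web frontend.
WELCOME_PREFIX = "/welcome/"

def new_welcome_cap() -> str:
    """Generate an unguessable path component (256 bits of randomness)."""
    return secrets.token_urlsafe(32)

def route(path: str, welcome_cap: str, recent_caps: list[str]) -> tuple[int, str]:
    """Return (status, body) for a GET on `path`."""
    if path == "/":
        # Public page: any web page the browser renders can cause a request
        # here, even with a localhost-only listener, so it reveals nothing.
        return 200, "Tahoe node is running."
    if path.startswith(WELCOME_PREFIX):
        presented = path[len(WELCOME_PREFIX):]
        # Constant-time comparison so the cap cannot be recovered by timing.
        if hmac.compare_digest(presented.encode(), welcome_cap.encode()):
            return 200, "Recent caps:\n" + "\n".join(recent_caps)
    # Wrong, truncated and missing caps all get the same answer.
    return 404, "Not found"

def wsgi_app(welcome_cap: str, recent_caps: list[str]):
    """Wrap route() as a WSGI app with headers that keep the cap URL private."""
    def app(environ, start_response):
        status, body = route(environ.get("PATH_INFO", "/"), welcome_cap, recent_caps)
        reason = "OK" if status == 200 else "Not Found"
        start_response(f"{status} {reason}", [
            ("Content-Type", "text/plain; charset=utf-8"),
            ("Referrer-Policy", "no-referrer"),  # do not leak the cap URL in Referer
            ("Cache-Control", "no-store"),       # keep the page out of shared caches
        ])
        return [body.encode()]
    return app

if __name__ == "__main__":
    from wsgiref.simple_server import make_server
    cap = new_welcome_cap()
    print(f"Access Controlled Welcome Page: http://127.0.0.1:8674{WELCOME_PREFIX}{cap}")
    # Constructed sample entry standing in for a log of recent upload caps.
    make_server("127.0.0.1", 8674, wsgi_app(cap, ["URI:CHK:constructed-sample"])).serve_forever()
```

A cross-site request can still reach `/`, but it cannot name the guarded page without the secret path component.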