[tahoe-lafs-trac-stream] [tahoe-lafs] #1528: escalation of authority from knowing a storage index to being able to delete corresponding shares
tahoe-lafs
trac at tahoe-lafs.org
Sun Sep 18 22:15:27 PDT 2011
#1528: escalation of authority from knowing a storage index to being able to
delete corresponding shares
-------------------------+-------------------------------------------------
Reporter: zooko | Owner: davidsarah
Type: defect | Status: closed
Priority: | Milestone: 1.8.3
critical | Version: 1.9.0a1
Component: code- | Keywords: security preservation anti-
storage | censorship storage leases
Resolution: fixed |
Launchpad Bug: 848476 |
-------------------------+-------------------------------------------------
Comment (by zooko):
Brian pointed out to me that there is another way that someone can learn
the storage index of a file. It is shown on the "Recent Uploads and
Downloads" page of a gateway. If someone can access your gateway, and
you've uploaded or downloaded the file recently (if I recall correctly it
is a FIFO queue of the most recent 20 uploads or downloads)...
Oh, I see that it is actually something more complicated:
http://tahoe-lafs.org/trac/tahoe-
lafs/browser/trunk/src/allmydata/history.py?annotate=blame&rev=4046
--
Ticket URL: <http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1528#comment:14>
tahoe-lafs <http://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list