[tahoe-lafs-trac-stream] [tahoe-lafs] #1720: privacy leak
tahoe-lafs
trac at tahoe-lafs.org
Sat Apr 14 21:11:38 UTC 2012
#1720: privacy leak
--------------------------+----------------------------
Reporter: jg71 | Owner: davidsarah
Type: defect | Status: new
Priority: normal | Milestone: undecided
Component: unknown | Version: 1.9.1
Keywords: privacy,easy | Launchpad Bug:
--------------------------+----------------------------
when a client/node is created, in tahoe.cfg "web.static = public_html" is
enabled by default, but public_html is not created. Thus, surfing to
http://localhost:3456/static/ leaks
a) the absolute path of where web.static is expected to be
b) the python version used
c) maybe which OS is used
solution: don't enable web.static by default, or create public_html
directory during client/node creation
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1720>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list