[tahoe-lafs-trac-stream] [tahoe-lafs] #1665: Brainstorm webapi vulnerabilities between the operator and a user and between users.
tahoe-lafs
trac at tahoe-lafs.org
Wed Jan 25 04:53:46 UTC 2012
#1665: Brainstorm webapi vulnerabilities between the operator and a user and
between users.
-------------------------------+---------------------------
Reporter: nejucomo | Owner:
Type: task | Status: new
Priority: major | Milestone: undecided
Component: code-frontend-web | Version: n/a
Keywords: | Launchpad Bug:
-------------------------------+---------------------------
'''Problem''': The webapi interface design seems to presume the node
operator and users are mutually trusting. There is some demand for
"public" web gateways to content in a LAFS network, where the users and
gateway operator do not fully trust each other.
'''Resolution''': This ticket is resolved when the vulnerabilities are
enumerated to the operator coming from users, to the users from the
operator, and from the users between themselves.
'''Bonus Points''' awarded for each of: configuration options which reduce
a given vulnerabily's risk; workarounds which do not require code patches
(external tools are ok); and outlines of code patches to reduce the
vulnerability.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1665>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list