[tahoe-lafs-trac-stream] [tahoe-lafs] #1665: Brainstorm webapi vulnerabilities between the operator and a user and between users.
tahoe-lafs
trac at tahoe-lafs.org
Wed Jan 25 05:04:10 UTC 2012
#1665: Brainstorm webapi vulnerabilities between the operator and a user and
between users.
-----------------------------------+-----------------------
     Reporter:  nejucomo           |      Owner:
         Type:  task               |     Status:  new
     Priority:  major              |  Milestone:  undecided
    Component:  code-frontend-web  |    Version:  n/a
   Resolution:                     |   Keywords:
Launchpad Bug:                     |
-----------------------------------+-----------------------
Comment (by nejucomo):
'''User vulnerabilities to the gateway.'''
Fundamentally, a web gateway is an entity-in-the-middle, so users are
vulnerable to:
* Every capability (and transitively reachable capability) is leaked to
the gateway.
* A stock web browser won't perform any integrity checks, so the gateway
can arbitrarily modify content.
* The gateway decrypts content, so the user has no confidentiality
guarantees against the gateway.
These vulnerabilities compromise much of the utility of LAFS; nevertheless,
the usefulness of making content available to public web users
(without any custom software) is great enough that there's demand for a
"public gateway".
'''Mitigation brainstorm''': The situation could potentially be improved by
moving integrity and confidentiality support into the browser, if for
example the user loaded JavaScript from a trusted site, which could then
proxy encrypted requests through different HTTP interfaces to the
underlying LAFS network.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1665#comment:2>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage