[tahoe-lafs-trac-stream] [tahoe-lafs] #1665: Brainstorm webapi vulnerabilities between the operator and a user and between users.
tahoe-lafs
trac at tahoe-lafs.org
Wed Jan 25 05:07:06 UTC 2012
#1665: Brainstorm webapi vulnerabilities between the operator and a user and
between users.
-----------------------------------+-----------------------
     Reporter:  nejucomo           |          Owner:
         Type:  task               |         Status:  new
     Priority:  major              |      Milestone:  undecided
    Component:  code-frontend-web  |        Version:  n/a
   Resolution:                     |       Keywords:
Launchpad Bug:                     |
-----------------------------------+-----------------------
Comment (by nejucomo):

'''User vulnerabilities from other users.'''

Capabilities may be leaked across browsers. For example, one user, by
browsing ongoing or completed operations, may be able to acquire the
capabilities used by another user.

(I am not currently familiar enough with the operation / status features
to have confidence about this situation.)

'''Mitigation brainstorm''': Restrict operation / status features such
that only the user initiating an operation has a "capability" (distinct
from the existing filesystem read/write/verify capabilities) to view the
status of that operation.

--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1665#comment:3>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
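
One way to picture the mitigation brainstormed in the comment above, as an added example that is not part of the original ticket and is not Tahoe-LAFS code: each operation gets its own unguessable status handle, returned only to the initiator, and the store offers no way to enumerate operations. The class, method names and sample capability strings are hypothetical.

```python
import hashlib
import secrets


class OperationStatusRegistry:
    """Hypothetical status store: one unguessable handle per operation."""

    def __init__(self):
        # Keyed by SHA-256 of the handle, so the table itself never
        # holds a value that would grant access if it were exposed.
        self._by_digest = {}

    @staticmethod
    def _digest(handle):
        return hashlib.sha256(handle.encode("utf-8")).hexdigest()

    def start(self, kind, cap):
        """Register an operation; only the caller receives the handle."""
        handle = secrets.token_urlsafe(32)  # 256 bits of randomness
        self._by_digest[self._digest(handle)] = {
            "kind": kind, "cap": cap, "state": "running"}
        return handle

    def finish(self, handle):
        """Mark an operation done; False if the handle is unknown."""
        record = self._by_digest.get(self._digest(handle))
        if record is None:
            return False
        record["state"] = "done"
        return True

    def status(self, handle):
        """Return a copy of the status, or None for an unknown handle."""
        record = self._by_digest.get(self._digest(handle))
        return dict(record) if record is not None else None

    # Deliberately no method that enumerates operations: a listing view
    # is what would let one user see another user's capabilities.


if __name__ == "__main__":
    registry = OperationStatusRegistry()
    # Constructed sample values, not real Tahoe-LAFS capabilities.
    alice = registry.start("upload", "URI:EXAMPLE-alice-writecap")
    bob = registry.start("download", "URI:EXAMPLE-bob-readcap")
    registry.finish(alice)
    print(registry.status(alice))      # Alice sees her own operation
    print(registry.status("guessed"))  # None: no handle, no status
```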