[tahoe-lafs-trac-stream] [tahoe-lafs] #1665: Brainstorm webapi vulnerabilities between the operator and a user and between users.
tahoe-lafs
trac at tahoe-lafs.org
Wed Jan 25 05:10:19 UTC 2012
#1665: Brainstorm webapi vulnerabilities between the operator and a user and
between users.
-----------------------------------+-----------------------
Reporter: nejucomo | Owner:
Type: task | Status: new
Priority: major | Milestone: undecided
Component: code-frontend-web | Version: n/a
Resolution: | Keywords:
Launchpad Bug: |
-----------------------------------+-----------------------
Comment (by nejucomo):
'''Operator vulnerability to users''': Arbitrary upload.
Users can upload arbitrary content (such as by a {{{PUT /uri}}} request),
so any accounting based on the gateway's identity cannot distinguish
between users. (I am not familiar with the work on accounting. This
vulnerability may soon be moot.)
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1665#comment:4>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list