[tahoe-lafs-trac-stream] [tahoe-lafs] #615: Can JavaScript loaded from Tahoe access all your content which is loaded from Tahoe?
tahoe-lafs
trac at tahoe-lafs.org
Thu Jul 5 12:30:10 UTC 2012
#615: Can JavaScript loaded from Tahoe access all your content which is loaded
from Tahoe?
-------------------------+-------------------------------------------------
Reporter: zooko | Owner: davidsarah
Type: defect | Status: assigned
Priority: | Milestone: soon
critical | Version: 1.3.0
Component: code- | Keywords: newcaps confidentiality integrity
frontend-web | preservation capleak gsoc
Resolution: |
Launchpad Bug: |
-------------------------+-------------------------------------------------
Comment (by ChosenOne):
One could use Content Security Policy (CSP) to disallow any JavaScript
except the one that tahoe needs to operate.
This will break !WebApps on tahoe, but foil attacks too. Mh.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/615#comment:25>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list