[tahoe-lafs-trac-stream] [tahoe-lafs] #1665: Brainstorm webapi vulnerabilities between the operator and a user and between users.
tahoe-lafs
trac at tahoe-lafs.org
Tue Mar 13 21:12:53 UTC 2012
#1665: Brainstorm webapi vulnerabilities between the operator and a user and
between users.
---------------------------------+-----------------------------------------
Reporter: nejucomo               | Owner:
Type: task                       | Status: new
Priority: major                  | Milestone: undecided
Component: code-frontend-web     | Version: n/a
Resolution:                      | Keywords: docs security webapi
Launchpad Bug:                   |   introducer accounting status
---------------------------------+-----------------------------------------
Comment (by zooko):
Replying to [comment:5 nejucomo]:
> '''Network vulnerability to users''': Leaked introducer furl.
>
> Any user of the webapi can learn the introducer furl, which in some use
> cases is undesirable.
>
> '''Workaround''' (low confidence): Blocking requests to the webapi
> {{{/}}} url prevents the user from learning the introducer furl.
> ''Warning'': This may not be sufficient; I recommend waiting for more
> community confidence in this workaround before relying on it.

This is #860.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1665#comment:9>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage