[tahoe-lafs-trac-stream] [tahoe-lafs] #1942: google chart in wui leaks information
tahoe-lafs
trac at tahoe-lafs.org
Thu Apr 11 11:50:00 UTC 2013
#1942: google chart in wui leaks information
-------------------------+-------------------------------------------------
Reporter: leif | Owner: daira
Type: defect | Status: assigned
Priority: normal | Milestone: 1.10.0
Component: code- | Version: 1.9.2
frontend-web | Keywords: anonymity privacy integrity
Resolution: | confidentiality security capleak
Launchpad Bug: |
-------------------------+-------------------------------------------------
Changes (by warner):
* component: unknown => code-frontend-web
* milestone: undecided => 1.10.0
Comment:
Adding to 1.10 to remind me to update {{{known_issues.rst}}}. Will
retarget to 1.11 after that to cover the {{{d3.js}}} rewrite.
BTW I was careful to only have this chart on a page whose URL has no
secrets (it just has the storage index, which is also exposed to storage
servers), but I agree that a JS-enabled browser or a non-Tor-ified browser
would experience a privacy/access problem. Oops.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1942#comment:3>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list