[tahoe-lafs-trac-stream] [tahoe-lafs] #1447: add read-only mode for gateways
tahoe-lafs
trac at tahoe-lafs.org
Tue Aug 13 23:05:23 UTC 2013
#1447: add read-only mode for gateways
-------------------------+-------------------------------------------------
Reporter: zooko          | Owner: zooko
Type: enhancement        | Status: new
Priority: major          | Milestone: soon
Component: code-frontend | Version: 1.8.2
Resolution:              | Keywords: readonly gateway security testgrid s3-backend
Launchpad Bug:           |
-------------------------+-------------------------------------------------
Changes (by daira):
* milestone: 1.11.0 => soon
Old description:
> I want to host my blog and other publicly-readable documents on a grid
> like the Public Test Grid. The operators of the Public Test Grid gateway
> recently shut it down:
>
> http://tahoe-lafs.org/pipermail/tahoe-dev/2011-July/006572.html
>
> A potentially good way to run the Public Test Grid, and still allow
> people to experiment with it, and allow me to host my blog on it, while
> deterring people from using it as a publishing platform for their
> controversial files, would be to put the public gateway into read-only
> mode.
>
> I propose to add a configuration option to
> [http://tahoe-lafs.org/trac/tahoe-lafs/browser/trunk/docs/configuration.rst#client-configuration
> the "client" (a.k.a. "gateway") section of tahoe.cfg] to make a gateway
> read-only.
>
> We had talked about making it so the gateway would offer read-only
> service on one port and read-write service on a different port, but after
> more reflection I would rather not do that for now. It would be easy for
> users to misunderstand and think that Tahoe-LAFS was somehow going to
> prevent unauthorized users from using the more privileged port, when in
> fact the users would have to set up firewall rules and/or HTTP-level
> proxies themselves to prevent unauthorized users from connecting to the
> more privileged port. Also, I have never yet wanted a single gateway
> process to serve both kinds of access, so this may be a case of YAGNI. In
> any case, it will definitely be simpler to implement a gateway-wide
> read-only policy.
New description:
I want to host my blog and other publicly-readable documents on a grid
like the Public Test Grid. The operators of the Public Test Grid gateway
recently shut it down:

http://tahoe-lafs.org/pipermail/tahoe-dev/2011-July/006572.html

A potentially good way to run the Public Test Grid, and still allow people
to experiment with it, and allow me to host my blog on it, while deterring
people from using it as a publishing platform for their controversial
files, would be to put the public gateway into read-only mode.

I propose to add a configuration option to
[http://tahoe-lafs.org/trac/tahoe-lafs/browser/trunk/docs/configuration.rst#client-configuration
the "client" (a.k.a. "gateway") section of tahoe.cfg] to make a gateway
read-only.

We had talked about making it so the gateway would offer read-only service
on one port and read-write service on a different port, but after more
reflection I would rather not do that for now. It would be easy for users
to misunderstand and think that Tahoe-LAFS was somehow going to prevent
unauthorized users from using the more privileged port, when in fact the
users would have to set up firewall rules and/or HTTP-level proxies
themselves to prevent unauthorized users from connecting to the more
privileged port. Also, I have never yet wanted a single gateway process to
serve both kinds of access, so this may be a case of YAGNI. In any case,
it will definitely be simpler to implement a gateway-wide read-only
policy.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1447#comment:6>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage