[tahoe-lafs-trac-stream] [tahoe-lafs] #2142: How to enhance WebUI default security against capability eavesdropping?
tahoe-lafs
trac at tahoe-lafs.org
Sat Dec 28 09:43:29 UTC 2013
#2142: How to enhance WebUI default security against capability eavesdropping?
-------------------------+-------------------------------------------------
Reporter: | Owner: amontero
amontero | Status: new
Type: | Milestone: undecided
enhancement | Version: 1.10.0
Priority: normal | Keywords: websec confidentiality privacy wui
Component: code- | webapi docs
frontend-web |
Resolution: |
Launchpad Bug: |
-------------------------+-------------------------------------------------
Comment (by amontero):
But at least, if the user browses the WebUI after it being installed to
check if it works, he/she will add a browser exception. Later, if someone
tries to do any nasty MITM attack, a browser warning will him/her a
warning of that an attack/eavesdrop might be in progress. No SSL would not
alert you in any form.
I'm aware that this is far from be completely secure, but at least, it
could provide some degree of confidentiality.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2142#comment:11>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list