[tahoe-lafs-trac-stream] [tahoe-lafs] #2142: How to enhance WebUI default security against capability eavesdropping?
tahoe-lafs
trac at tahoe-lafs.org
Sat Dec 28 14:08:15 UTC 2013
#2142: How to enhance WebUI default security against capability eavesdropping?
-------------------------+-------------------------------------------------
Reporter: | Owner: amontero
amontero | Status: new
Type: | Milestone: undecided
enhancement | Version: 1.10.0
Priority: normal | Keywords: websec confidentiality privacy wui
Component: code- | webapi docs
frontend-web |
Resolution: |
Launchpad Bug: |
-------------------------+-------------------------------------------------
Comment (by daira):
I'm not enitely sure about this, but as far as I understand: A browser
certificate exception does ''not'' mean "pin the certificate I just saw to
the domain name for this site and warn me again if the cert changes". It
means "suppress all future warnings for this domain name, thus making SSL
useless for this domain".
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2142#comment:12>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list