[tahoe-lafs-trac-stream] [tahoe-lafs] #2143: Adding aliases to the WUI
tahoe-lafs
trac at tahoe-lafs.org
Sun Dec 29 02:37:25 UTC 2013
#2143: Adding aliases to the WUI
-----------------------------+------------------------
Reporter: multikatt | Owner: daira
Type: enhancement | Status: new
Priority: normal | Milestone: undecided
Component: unknown | Version:
Resolution: | Keywords: wui, alias
Launchpad Bug: |
-----------------------------+------------------------
Comment (by zooko):
There is discussion of this on [https://github.com/tahoe-lafs/tahoe-
lafs/pull/80 the pull request]. Here is a copy of my contribution:
Dear multikatt: thank you very much for the patch. I, too, would like to
see this added to the WUI in a safe way. If I understand correctly, the
current patch, with the "people can only connect to the WUI from
localhost" security feature in place, is exactly the situation we had in
Tahoe-LAFS v0.5, which Nathan Wilcox then demonstrated a live exploit for
that could delete or otherwise alter a user's data!
[//hacktahoelafs/nathan_wilcox.html]
The solution that we deployed in Tahoe-LAFS v0.5.1 was to remove this
feature, which if I understand correctly is the feature that your patch
puts back in! ☺
I think the way forward, as Daira alluded in https://github.com/tahoe-lafs
/tahoe-lafs/pull/80#issuecomment-31296775, is to implement #674
(“controlled access to your WUI”). With that implemented, then we could
safely add aliases to the WUI.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2143#comment:4>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list