[tahoe-lafs-trac-stream] [tahoe-lafs] #1911: Add authentication for WUI access
tahoe-lafs
trac at tahoe-lafs.org
Fri Feb 8 19:02:08 UTC 2013
#1911: Add authentication for WUI access
-------------------------+-------------------------------------------------
Reporter: | Owner: luckyredhot
luckyredhot | Status: new
Type: | Milestone: undecided
enhancement | Version: 1.9.2
Priority: normal | Keywords: WUI, access, security,
Component: code- | authentication
frontend-web |
Resolution: |
Launchpad Bug: |
-------------------------+-------------------------------------------------
Comment (by davidsarah):
Replying to [comment:4 luckyredhot]:
> Replying to [comment:3 davidsarah]:
> > Basic authentication is insecure unless over a secure channel (e.g.
TLS).
> Actually data transfer from Tahoe-LAFS WUI is also not secure due to it
uses plain HTTP instead of HTTPS.
> Ticket's goal was not to ensure everything is secure but to ensure that
intruders do not have access to WUI.
I will rephrase.
Basic authentication does not provide secure authentication unless over a
channel that already provides confidentiality.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1911#comment:5>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list