[tahoe-lafs-trac-stream] [Tahoe-LAFS] #1665: Brainstorm webapi vulnerabilities between the operator and a user and between users.
Tahoe-LAFS
trac at tahoe-lafs.org
Sat Aug 23 21:25:40 UTC 2014
#1665: Brainstorm webapi vulnerabilities between the operator and a user and
between users.
-------------------------+-------------------------------------------------
Reporter: | Owner:
nejucomo | Status: new
Type: task | Milestone: undecided
Priority: major | Version: n/a
Component: code- | Keywords: docs security webapi introducer
frontend-web | accounting status websec
Resolution: |
Launchpad Bug: |
-------------------------+-------------------------------------------------
Comment (by nejucomo):
Replying to [comment:10 zooko]:
> Replying to [comment:4 nejucomo]:
> > '''Operator vulnerability to users''': Arbitrary upload.
>
> This is #1447.
I disagree. #1447 is for implementing a specific (easy to implement)
policy: No uploads at all.
However there are many more potential policies (which are not yet
implemented) for upload, such as requiring users to provide some proof of
allocated storage on a set of servers along the lines of the accounting
roadmap.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1665#comment:14>
Tahoe-LAFS <https://Tahoe-LAFS.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list