[tahoe-lafs-trac-stream] [tahoe-lafs] #2142: How to enhance WebUI default security against capability eavesdropping?
tahoe-lafs
trac at tahoe-lafs.org
Fri Jan 3 20:28:59 UTC 2014
#2142: How to enhance WebUI default security against capability eavesdropping?
-------------------------+-------------------------------------------------
Reporter: | Owner: amontero
amontero | Status: new
Type: | Milestone: undecided
enhancement | Version: 1.10.0
Priority: normal | Keywords: websec confidentiality privacy wui
Component: code- | webapi docs
frontend-web |
Resolution: |
Launchpad Bug: |
-------------------------+-------------------------------------------------
Comment (by amontero):
So, after you have connected to a node's WebUI and accepted its cert,
you'll get a cert warning if someone later attempts MITMing and you'll be
safe against sniffers, also. Isn't that worthwhile to have?
If the above is right, I propose a feature request consisting in:
- Auto generating a SSL cert in "private/webui.{key,crt,csr}"
- Add a commented line to the generated tahoe.cfg with the WebUI
configured, with appropiate reference to docs.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2142#comment:19>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list