[tahoe-lafs-trac-stream] [Tahoe-LAFS] #1720: privacy leak because web.static does not exist (was: privacy leak)
Tahoe-LAFS
trac at tahoe-lafs.org
Thu Jun 18 17:40:57 UTC 2015
#1720: privacy leak because web.static does not exist
-----------------------------------+------------------------------------
Reporter: jg71 | Owner: davidsarah
Type: defect | Status: new
Priority: normal | Milestone: undecided
Component: code-frontend-web | Version: 1.9.1
Resolution: | Keywords: privacy anonymity easy
Launchpad Bug: |
-----------------------------------+------------------------------------
Description changed by warner:
Old description:
> when a client/node is created, in tahoe.cfg "web.static = public_html" is
> enabled by default, but public_html is not created. Thus, surfing to
> http://localhost:3456/static/ leaks
>
> a) the absolute path of where web.static is expected to be
> b) the python version used
> c) maybe which OS is used
>
> solution: don't enable web.static by default, or create public_html
> directory during client/node creation
New description:
when a client/node is created, in tahoe.cfg "web.static = public_html" is
enabled by default, but public_html is not created. Thus, surfing to
http://localhost:3456/static/ leaks

a) the absolute path of where web.static is expected to be
b) the python version used
c) maybe which OS is used

solution: don't enable web.static by default, or create public_html
directory during client/node creation
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1720#comment:5>
Tahoe-LAFS <https://Tahoe-LAFS.org>
secure decentralized storage
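
A check for the condition this ticket describes, as an added example that is not part of the ticket or of Tahoe-LAFS's own code: it reads tahoe.cfg, finds web.static, reports whether the directory it points to exists, and can create it (the second fix proposed above). The function names, the `[node]` section in the constructed sample config, and resolving a relative value against the node directory are assumptions.

```python
import configparser
import os
import tempfile

KEY = "web.static"  # option name taken from the ticket


def static_dir_status(node_dir, create=False):
    """Return (resolved_path, exists) for web.static, or (None, False) if unset.

    Assumption: a relative web.static value is resolved against the node
    directory that holds tahoe.cfg.
    """
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read(os.path.join(node_dir, "tahoe.cfg"))
    # Search every section so the check does not depend on a section name.
    for section in cfg.sections():
        if cfg.has_option(section, KEY):
            value = cfg.get(section, KEY).strip()
            break
    else:
        return None, False
    if not value:
        return None, False
    path = os.path.abspath(os.path.join(node_dir, os.path.expanduser(value)))
    if create and not os.path.isdir(path):
        # Second fix proposed in the ticket: create the directory up front.
        os.makedirs(path)
    return path, os.path.isdir(path)


def demo():
    """Build a constructed node directory and return the before/after state."""
    with tempfile.TemporaryDirectory() as node_dir:
        with open(os.path.join(node_dir, "tahoe.cfg"), "w") as f:
            # Constructed sample config; the section name is an assumption.
            f.write("[node]\nweb.static = public_html\n")
        before = static_dir_status(node_dir)
        after = static_dir_status(node_dir, create=True)
        return before[1], after[1], os.path.basename(after[0])


if __name__ == "__main__":
    print(demo())
```

A result of `(path, False)` is the state the ticket reports: web.static is set but the directory is missing.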