[volunteergrid2-l] Making our web-facing gateways NOT a rope around our necks

Brad Rupp bradrupp at gmail.com
Mon Feb 7 16:05:29 PST 2011 

What if we were to configure a gateway node that disallows HTTP POST/PUT 
and comment out the lines you mention to hide the introducer furl?

Brad

On 2/7/2011 3:14 PM, Jody Harris wrote:
> Commenting out lines 45 and 51 of welcome.xhtml (version
> 1.8.2) alleviates the biggest concern of exposing the introducer and
> helper furls, while still allowing the connected status to those
> services to be indicated.
>
> This, of course, does not stop "outsiders" from uploading to the grid,
> but that's a different kind of problem.
>
> j
> ----
> - Think carefully.
>
>
> On Mon, Feb 7, 2011 at 2:58 PM, Jody Harris <jharris at harrisdev.com
> <mailto:jharris at harrisdev.com>> wrote:
>
>     Interesting....
>
>     I see now that the problem with web/welcome.xhtml is that it exposes
>     the introducer furl, which can be remedied easily enough be removing
>     ~10 lines of code.
>
>     There still remains the problem with the uri .... interface, which
>     exposes the ability to store files into the grid even if the forms
>     were removed from the welcome.xhtml interface.
>
>     So, really Tahoe-LAFS does not support sharing files unless the
>     owners are willing to expose their full grid to the world. Solutions
>     to this problem would necessarily be workarounds outside the use
>     case of the Tahoe-LAFS developers.
>
>     I'm cool with that as long as it's clearly stated from the beginning.
>
>     Am I on the right track?
>
>     jody
>     ----
>     - Think carefully.
>
>
>
>     On Mon, Feb 7, 2011 at 2:35 PM, Zooko O'Whielacronx <zooko at zooko.com
>     <mailto:zooko at zooko.com>> wrote:
>
>          > It might be helpful if more people created Trac accounts and
>         commented on
>          > this ticket -- I don't know.
>
>         As a tahoe-lafs developer, I definitely appreciate feedback from
>         users
>         on the tahoe-dev mailing list, and I appreciate feedback on the trac
>         even more.
>
>         Of course, the fastest way to get a feature like this one
>         implemented
>         is to do the work to implement it and submit a patch. I'll be
>         happy to
>         mentor anyone who wants to do that. The first step is to get
>         everyone
>         on the same page about what behavior would be desirable and
>         acceptable
>         to everyone, which is what the #860 ticket has accomplished.
>
>         Regards,
>
>         Zooko
>         _______________________________________________
>         volunteergrid2-l mailing list
>         volunteergrid2-l at tahoe-lafs.org
>         <mailto:volunteergrid2-l at tahoe-lafs.org>
>         http://tahoe-lafs.org/cgi-bin/mailman/listinfo/volunteergrid2-l
>         http://bigpig.org/twiki/bin/view/Main/WebHome
>
>
>
>
>
> _______________________________________________
> volunteergrid2-l mailing list
> volunteergrid2-l at tahoe-lafs.org
> http://tahoe-lafs.org/cgi-bin/mailman/listinfo/volunteergrid2-l
> http://bigpig.org/twiki/bin/view/Main/WebHome

More information about the volunteergrid2-l mailing list