[volunteergrid2-l] Fwd: [tahoe-dev] Announcement: lafs-rpg - Restrictive Proxy Gateway

Shawn Willden shawn at willden.org
Wed Jan 25 21:42:01 UTC 2012 

Would you need the haproxy code to be reviewed?  It looks like what the OP
did was just create a tool to automatically configure haproxy, so that
would be easy to review.  Reviewing the haproxy source... not so much.

On Wed, Jan 25, 2012 at 2:26 PM, slush <slush at centrum.cz> wrote:

> Hi,
>
> anyone willing to do source code peer review? I have no time to read the
> code, however I can setup it on (almost) unlimited 10Gbit line. But it's
> production server...
>
> slush
>
>
> On Wed, Jan 25, 2012 at 7:08 PM, Shawn Willden <shawn at willden.org> wrote:
>
>> Yeah, not a good choice :)
>>
>>
>> On Wed, Jan 25, 2012 at 10:56 AM, Jody Harris <jharris at harrisdev.com>wrote:
>>
>>> My Rackspace box would be ideal for everything except that I have to pay
>>> for bandwidth by the GB.
>>> ----
>>> Ph. 575-208-4567
>>> - Think carefully.
>>>
>>>
>>>
>>> On Wed, Jan 25, 2012 at 9:41 AM, Shawn Willden <shawn at willden.org>wrote:
>>>
>>>> Anyone feel like setting this up?  I might give it a try, but the ideal
>>>> would be to have a gateway on a super-fast, unlimited bandwidth connection.
>>>>  Mine is pretty fast, but I think some folks have gigabit.
>>>>
>>>> ---------- Forwarded message ----------
>>>> From: Nathan <nejucomo at gmail.com>
>>>> Date: Wed, Jan 25, 2012 at 2:13 AM
>>>> Subject: [tahoe-dev] Announcement: lafs-rpg - Restrictive Proxy Gateway
>>>> To: Tahoe-LAFS development <tahoe-dev at tahoe-lafs.org>
>>>>
>>>>
>>>> Hello tahoe-dev,
>>>>
>>>> There is demand for a more "locked down" webapi that the public can
>>>> use to retrieve content from a Tahoe-LAFS network, while minimizing
>>>> risk to the webapi operator.  I too have wanted this for awhile, and
>>>> I've implemented a set of HTTP redirection and access control rules in
>>>> haproxy.
>>>>
>>>> I've made a script to stick the right parameters in the right spots of
>>>> the configuration and bundled it up here:
>>>>
>>>> https://bitbucket.org/nejucomo/lafs-rpg/overview
>>>>
>>>> This repository is intended to allow you to get a "public gateway" to
>>>> Tahoe content up and running on a debian system with minimal fuss.
>>>> Let me know if you try it and something doesn't work.  (Also, I've
>>>> tried to document it well, let me know if that needs improvement.)
>>>>
>>>> I've spent some time thinking about and researching the webapi
>>>> frontend to understand what "locked down" should be.  If you want a
>>>> public webapi that is read-only, this project is a good start and
>>>> *should be* reasonably secure.  However, security is much harder to
>>>> notice than a lack of security.  If you see flaws, please let me know
>>>> with the bitbucket issue tracker.
>>>>
>>>> I've created some new Tahoe-LAFS tickets and rounded up old tickets
>>>> that seem relevant to this project:
>>>>
>>>> Here's a "brainstorm" that urges the community to think about the case
>>>> where an operator wants to provide a public gateway but have some
>>>> safeguards against malicious users:
>>>>
>>>> https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1665
>>>>
>>>> That links to other tickets about documenting the webapi URL structure
>>>> (#1663) in a concise way (to make access policies easier to reason
>>>> about), and a few old ones about unconstrained uploads (#587) and
>>>> leaking an introducer furl (#860).
>>>>
>>>>
>>>> I've just set up a lafs-rpg site, with not much in the way of content,
>>>> in case you want to poke at a live demo:
>>>>
>>>> https://con.struc.tv
>>>>
>>>>
>>>> Regards,
>>>> Nathan
>>>> _______________________________________________
>>>> tahoe-dev mailing list
>>>> tahoe-dev at tahoe-lafs.org
>>>> http://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev
>>>>
>>>>
>>>>
>>>> --
>>>> Shawn
>>>>
>>>> _______________________________________________
>>>> volunteergrid2-l mailing list
>>>> volunteergrid2-l at tahoe-lafs.org
>>>> http://tahoe-lafs.org/cgi-bin/mailman/listinfo/volunteergrid2-l
>>>> http://bigpig.org/twiki/bin/view/Main/WebHome
>>>>
>>>
>>>
>>> _______________________________________________
>>> volunteergrid2-l mailing list
>>> volunteergrid2-l at tahoe-lafs.org
>>> http://tahoe-lafs.org/cgi-bin/mailman/listinfo/volunteergrid2-l
>>> http://bigpig.org/twiki/bin/view/Main/WebHome
>>>
>>
>>
>>
>> --
>> Shawn
>>
>> _______________________________________________
>> volunteergrid2-l mailing list
>> volunteergrid2-l at tahoe-lafs.org
>> http://tahoe-lafs.org/cgi-bin/mailman/listinfo/volunteergrid2-l
>> http://bigpig.org/twiki/bin/view/Main/WebHome
>>
>
>
> _______________________________________________
> volunteergrid2-l mailing list
> volunteergrid2-l at tahoe-lafs.org
> http://tahoe-lafs.org/cgi-bin/mailman/listinfo/volunteergrid2-l
> http://bigpig.org/twiki/bin/view/Main/WebHome
>



-- 
Shawn
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://tahoe-lafs.org/cgi-bin/mailman/private/volunteergrid2-l/attachments/20120125/f1198a7d/attachment.html>

More information about the volunteergrid2-l mailing list