[volunteergrid2-l] Fwd: [tahoe-dev] Announcement: lafs-rpg - Restrictive Proxy Gateway

slush slush at centrum.cz
Wed Jan 25 22:24:07 UTC 2012


My apologies, I expected it to also contain some application logic. No, I
don't need to review haproxy itself, just that "lafs-rpg" doesn't do
anything nasty inside.

If it is just a haproxy configuration, I should take a look myself.

slush

On Wed, Jan 25, 2012 at 10:42 PM, Shawn Willden <shawn at willden.org> wrote:

> Would you need the haproxy code to be reviewed?  It looks like what the OP
> did was just create a tool to automatically configure haproxy, so that
> would be easy to review.  Reviewing the haproxy source... not so much.
>
>
> On Wed, Jan 25, 2012 at 2:26 PM, slush <slush at centrum.cz> wrote:
>
>> Hi,
>>
>> Anyone willing to do a source code peer review? I have no time to read the
>> code, however I can set it up on an (almost) unlimited 10Gbit line. But it's
>> a production server...
>>
>> slush
>>
>>
>> On Wed, Jan 25, 2012 at 7:08 PM, Shawn Willden <shawn at willden.org> wrote:
>>
>>> Yeah, not a good choice :)
>>>
>>>
>>> On Wed, Jan 25, 2012 at 10:56 AM, Jody Harris <jharris at harrisdev.com> wrote:
>>>
>>>> My Rackspace box would be ideal for everything except that I have to
>>>> pay for bandwidth by the GB.
>>>> ----
>>>> Ph. 575-208-4567
>>>> - Think carefully.
>>>>
>>>>
>>>>
>>>> On Wed, Jan 25, 2012 at 9:41 AM, Shawn Willden <shawn at willden.org> wrote:
>>>>
>>>>> Anyone feel like setting this up?  I might give it a try, but the
>>>>> ideal would be to have a gateway on a super-fast, unlimited bandwidth
>>>>> connection.  Mine is pretty fast, but I think some folks have gigabit.
>>>>>
>>>>> ---------- Forwarded message ----------
>>>>> From: Nathan <nejucomo at gmail.com>
>>>>> Date: Wed, Jan 25, 2012 at 2:13 AM
>>>>> Subject: [tahoe-dev] Announcement: lafs-rpg - Restrictive Proxy Gateway
>>>>> To: Tahoe-LAFS development <tahoe-dev at tahoe-lafs.org>
>>>>>
>>>>>
>>>>> Hello tahoe-dev,
>>>>>
>>>>> There is demand for a more "locked down" webapi that the public can
>>>>> use to retrieve content from a Tahoe-LAFS network, while minimizing
>>>>> risk to the webapi operator.  I too have wanted this for a while, and
>>>>> I've implemented a set of HTTP redirection and access control rules in
>>>>> haproxy.
>>>>>
>>>>> I've made a script to stick the right parameters in the right spots of
>>>>> the configuration and bundled it up here:
>>>>>
>>>>> https://bitbucket.org/nejucomo/lafs-rpg/overview
>>>>>
>>>>> This repository is intended to allow you to get a "public gateway" to
>>>>> Tahoe content up and running on a debian system with minimal fuss.
>>>>> Let me know if you try it and something doesn't work.  (Also, I've
>>>>> tried to document it well, let me know if that needs improvement.)
>>>>>
>>>>> I've spent some time thinking about and researching the webapi
>>>>> frontend to understand what "locked down" should be.  If you want a
>>>>> public webapi that is read-only, this project is a good start and
>>>>> *should be* reasonably secure.  However, security is much harder to
>>>>> notice than a lack of security.  If you see flaws, please let me know
>>>>> with the bitbucket issue tracker.
>>>>>
>>>>> I've created some new Tahoe-LAFS tickets and rounded up old tickets
>>>>> that seem relevant to this project:
>>>>>
>>>>> Here's a "brainstorm" that urges the community to think about the case
>>>>> where an operator wants to provide a public gateway but have some
>>>>> safeguards against malicious users:
>>>>>
>>>>> https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1665
>>>>>
>>>>> That links to other tickets about documenting the webapi URL structure
>>>>> (#1663) in a concise way (to make access policies easier to reason
>>>>> about), and a few old ones about unconstrained uploads (#587) and
>>>>> leaking an introducer furl (#860).
>>>>>
>>>>>
>>>>> I've just set up a lafs-rpg site, with not much in the way of content,
>>>>> in case you want to poke at a live demo:
>>>>>
>>>>> https://con.struc.tv
>>>>>
>>>>>
>>>>> Regards,
>>>>> Nathan
>>>>> _______________________________________________
>>>>> tahoe-dev mailing list
>>>>> tahoe-dev at tahoe-lafs.org
>>>>> http://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Shawn
>>>>>
>>>>> _______________________________________________
>>>>> volunteergrid2-l mailing list
>>>>> volunteergrid2-l at tahoe-lafs.org
>>>>> http://tahoe-lafs.org/cgi-bin/mailman/listinfo/volunteergrid2-l
>>>>> http://bigpig.org/twiki/bin/view/Main/WebHome
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> Shawn
>>>
>>>
>>
>>
>>
>
>
>
> --
> Shawn
>
>
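
As an added illustration of the kind of rule set the announcement describes (not taken from lafs-rpg, whose generated configuration is not shown in this thread), a read-only haproxy front end for a Tahoe-LAFS webapi could look like the following. The backend address 127.0.0.1:3456, the policy of allowing only paths under /uri/, and the names open_gateway, public_gateway and tahoe_webapi are assumptions.

```haproxy
# Added example, not lafs-rpg's generated configuration.
# Assumptions: the Tahoe-LAFS node's webapi listens on 127.0.0.1:3456 and
# public content is fetched with GET /uri/<read-cap>/...; names are hypothetical.

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  60s

# Weak: forwards every method and path, so the public can upload (#587)
# and can load the node's own pages, which may expose the introducer furl (#860).
# frontend open_gateway
#     bind :8080
#     default_backend tahoe_webapi

# Restrictive: read-only methods, capability paths only.
frontend public_gateway
    bind :80
    acl read_method method GET HEAD
    acl cap_path    path_beg /uri/

    # Uploads and other mutations use PUT, POST and DELETE: refuse them.
    http-request deny unless read_method
    # Refuse the welcome page, status pages and anything else outside /uri/.
    http-request deny unless cap_path

    default_backend tahoe_webapi

backend tahoe_webapi
    # The node itself stays bound to loopback; only haproxy is exposed.
    server tahoe 127.0.0.1:3456
```

Running `haproxy -c -f <file>` checks the file's syntax before it is loaded.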