| id | summary | keywords | status | owner | type | priority |
|---|---|---|---|---|---|---|
| 2222 | make a FAQ describing the impact of heartbleed on Tahoe-LAFS | security integrity confidentiality pyopenssl heartbleed docs | assigned | marlowe | defect | critical |
| 366 | address Nathan Wilcox's concerns about "Tahoe and the browser security model" | security capleak docs websec | new | nejucomo | defect | major |
| 492 | mutable files: add ciphertext hash tree to signature block | newcaps security integrity forward-compatibility backward-compatibility mutable | new | zooko | defect | major |
| 587 | Web nodes provide ambient upload authority | upload security accounting LeastAuthority.com websec | new | daira | defect | major |
| 635 | 'tahoe make-tarball' command | backup metadata symlink usability security | new | | enhancement | major |
| 725 | We should whine if we're running as root. | easy security usability unix test-needed | assigned | davidsarah | enhancement | major |
| 753 | use longer storage index / cap for collision resistance | newcaps security | new | | defect | major |
| 827 | Put file download links ('?save=true') in WUI directory listings | security usability capleak docs download easy | assigned | davidsarah | defect | major |
| 840 | Allow all CLI commands to take arguments from stdin or a file, to avoid caps being visible to other local users | security confidentiality integrity usability | new | | enhancement | major |
| 865 | Document current crypto and encoding in detail | docs security | new | ioerror | task | major |
| 870 | Prevent socket hijacking on OSes that don't prevent it by default (Windows) | security integrity confidentiality privacy windows foolscap twisted docs | assigned | davidsarah | defect | major |
| 958 | LAFS 301 Moved Permanently | forward-compatibility backward-compatibility integrity newcaps newurls http sftp ftpd smb availability security revocation rollback research | new | | enhancement | major |
| 981 | chroot support? | security twisted chroot install | new | somebody | enhancement | major |
| 994 | support precompressed files | compression space-efficiency performance bandwidth security integrity backward-compatibility | new | somebody | enhancement | major |
| 1008 | Unhandled error conditions disclose detailed information | wui security privacy anonymity logging error anti-censorship | new | | defect | major |
| 1136 | don't run a web-API frontend if you don't need one | security websec | new | somebody | enhancement | major |
| 1142 | Unlikely XSS Potential in File Names in WUI | security xss html names wui | new | nobody | defect | major |
| 1144 | Loopy/Uninhibited/Overlarge Filename Makes Web Server Crump | security names wui | new | nobody | defect | major |
| 1198 | Bogus tub location causes introducer error | error introducer security DoS | new | | defect | major |
| 1213 | Should support change of hash functions | security forward-compatibility integrity | new | somebody | task | major |
| 1215 | add CORS support | security http same-origin cors websec | new | | enhancement | major |
| 1254 | eliminate use of urllib.urlopen in check_load | security capleak | assigned | davidsarah | defect | major |
| 1290 | replace all use of pickles with JSON | security pickle json | new | somebody | defect | major |
| 1422 | https node.url is not verified by httplib | https security integrity confidentiality | new | nobody | defect | major |
| 1447 | add read-only mode for gateways | readonly gateway security testgrid cloud-backend multiuser-gateway | new | zooko | enhancement | major |
| 1649 | WUI: the error message page for a writeable file/directory nonobviously includes the write cap | usability security capleak websec | assigned | davidsarah | defect | major |
| 1665 | Brainstorm webapi vulnerabilities between the operator and a user and between users. | docs security webapi introducer accounting status websec multiuser-gateway | new | | task | major |
| 1697 | there is no test covering password-checking for SFTP or FTP | tests sftp ftpd password security | assigned | daira | defect | major |
| 1797 | WUI: view content in an HTML5 sandboxed iframe | wui security usability javascript sandbox same-origin websec | new | | defect | major |
| 1798 | Segregate gateway HTTP ports: one for raw bytes and one for generated WUI pages | wui same-origin security capleak | new | freddyb | defect | major |
| 1859 | Proof-of-concept attack: Upload and execute attacker controlled js from any domain. | security javascript same-origin capleak websec | new | davidsarah | defect | major |
| 2055 | Building tahoe safely is non-trivial | install security eggs pip setuptools packaging | new | daira | defect | major |
| 2090 | Don't expose URIs after failed CLI commands | easy security capleak error cli | new | daira | defect | major |
| 2214 | DOS defect concerning forged shares | DOS security verify tahoe-check | new | daira | defect | major |
| 2385 | node web server should use DHE/ECDHE suites automatically | security websec https forward-secrecy twisted | new | j3i | enhancement | major |
| 925 | Information leak to holders of a directory read cap, about whether each dir entry is writeable and the length of its write cap | backward-compatibility privacy security | assigned | daira | defect | normal |
| 1408 | accounting using bitcoins | bitcoin accounting performance leases security | new | somebody | defect | normal |
| 1415 | WUI is more useful than CLI | security privacy capleak integrity confidentiality | new | | defect | normal |
| 1535 | Allow restricting Tahoe-LAFS gateway to one user by supporting Unix sockets | wui cli socket unix security confidentiality integrity capleak | new | | enhancement | normal |
| 1694 | package client and server separately | performance security packaging p2p | new | somebody | enhancement | normal |
| 2009 | One Grid to Rule Them All | extensibility servers-of-happiness location newurls security globalcaps | new | daira | defect | normal |
| 2010 | Implement shortcuts to caps | usability newurls introducer security aliases | new | | enhancement | normal |
| 2024 | downloader hangs when server returns empty string | download hang denial-of-service security | new | | defect | normal |
| 2057 | reproducible builds | install security eggs | new | daira | enhancement | normal |
| 2100 | passphrase-encrypt the aliases file | aliases security capleak usability | new | daira | enhancement | normal |
| 2136 | Use Content-Security-Policy to harden the WUI | csp wui security xss javascript | new | daira | defect | normal |
| 2213 | Make SFTP generate its own key | sftp ssh-keygen usability security | new | | enhancement | normal |
| 2331 | don't display capabilities without user explicitly asking for it | security capleak | assigned | daira | defect | normal |
| 2369 | Support encryptionless sftp using sftp-over-tcp | performance security confidentiality integrity | new | HoverHell | enhancement | normal |
| 2421 | connect tahoe-lafs repo to Docker Hub | docker security github | new | warner | defect | normal |
| 2478 | back up metadata from github (PRs, commit comments, etc.) | github security | new | | task | normal |
| 2720 | format_http_error leaks the URI | security capleak | new | daira | defect | normal |
| 3878 | Potential denial of service attack by rogue servers | availability, security | new | | defect | normal |
| 982 | grsec disallows tahoe from learning its own IP address | security grsec iputil transparency | new | ioerror | defect | minor |
| 1039 | Keys with passphrases for SFTP | sftp security | new | nobody | defect | minor |
| 1410 | sftp server listens on reachable IP addresses by default | sftp security | new | | defect | minor |