Custom Query (56 matches)


Show under each result:

Ticket Summary Keywords Status Owner Type Priority
#2222 make a FAQ describing the impact of heartbleed on Tahoe-LAFS security integrity confidentiality pyopenssl heartbleed docs assigned marlowe defect critical
#366 address Nathan Wilcox's concerns about "Tahoe and the browser security model" security capleak docs websec new nejucomo defect major
#492 mutable files: add ciphertext hash tree to signature block newcaps security integrity forward-compatibility backward-compatibility mutable new zooko defect major
#587 Web nodes provide ambient upload authority upload security accounting websec new daira defect major
#635 'tahoe make-tarball' command backup metadata symlink usability security new enhancement major
#725 We should whine if we're running as root. easy security usability unix test-needed assigned davidsarah enhancement major
#753 use longer storage index / cap for collision resistance newcaps security new defect major
#827 Put file download links ('?save=true') in WUI directory listings security usability capleak docs download easy assigned davidsarah defect major
#840 Allow all CLI commands to take arguments from stdin or a file, to avoid caps being visible to other local users security confidentiality integrity usability new enhancement major
#865 Document current crypto and encoding in detail docs security new ioerror task major
#870 Prevent socket hijacking on OSes that don't prevent it by default (Windows) security integrity confidentiality privacy windows foolscap twisted docs assigned davidsarah defect major
#958 LAFS 301 Moved Permanently forward-compatibility backward-compatibility integrity newcaps newurls http sftp ftpd smb availability security revocation rollback research new enhancement major
#981 chroot support? security twisted chroot install new somebody enhancement major
#994 support precompressed files compression space-efficiency performance bandwidth security integrity backward-compatibility new somebody enhancement major
#1008 Unhandled error conditions disclose detailed information wui security privacy anonymity logging error anti-censorship new defect major
#1136 don't run a web-API frontend if you don't need one security websec new somebody enhancement major
#1142 Unlikely XSS Potential in File Names in WUI security xss html names wui new nobody defect major
#1144 Loopy/Uninhibited/Overlarge Filename Makes Web Server Crump security names wui new nobody defect major
#1198 Bogus tub location causes introducer error error introducer security DoS new defect major
#1213 Should support change of hash functions security forward-compatibility integrity new somebody task major
#1215 add CORS support security http same-origin cors websec new enhancement major
#1254 eliminate use of urllib.urlopen in check_load security capleak assigned davidsarah defect major
#1290 replace all use of pickles with JSON security pickle json new somebody defect major
#1422 https node.url is not verified by httplib https security integrity confidentiality new nobody defect major
#1447 add read-only mode for gateways readonly gateway security testgrid cloud-backend multiuser-gateway new zooko enhancement major
#1649 WUI: the error message page for a writeable file/directory nonobviously includes the write cap usability security capleak websec assigned davidsarah defect major
#1665 Brainstorm webapi vulnerabilities between the operator and a user and between users. docs security webapi introducer accounting status websec multiuser-gateway new task major
#1697 there is no test covering password-checking for SFTP or FTP tests sftp ftpd password security assigned daira defect major
#1797 WUI: view content in an HTML5 sandboxed iframe wui security usability javascript sandbox same-origin websec new defect major
#1798 Segregate gateway HTTP ports: one for raw bytes and one for generated WUI pages wui same-origin security capleak new freddyb defect major
#1859 Proof-of-concept attack: Upload and execute attacker controlled js from any domain. security javascript same-origin capleak websec new davidsarah defect major
#2055 Building tahoe safely is non-trivial install security eggs pip setuptools packaging new daira defect major
#2090 Don't expose URIs after failed CLI commands easy security capleak error cli new daira defect major
#2214 DOS defect concerning forged shares DOS security verify tahoe-check new daira defect major
#2385 node web server should use DHE/ECDHE suites automatically security websec https forward-secrecy twisted new j3i enhancement major
#925 Information leak to holders of a directory read cap, about whether each dir entry is writeable and the length of its write cap backward-compatibility privacy security assigned daira defect normal
#1408 accounting using bitcoins bitcoin accounting performance leases security new somebody defect normal
#1415 WUI is more useful than CLI security privacy capleak integrity confidentiality new defect normal
#1535 Allow restricting Tahoe-LAFS gateway to one user by supporting Unix sockets wui cli socket unix security confidentiality integrity capleak new enhancement normal
#1694 package client and server separately performance security packaging p2p new somebody enhancement normal
#2009 One Grid to Rule Them All extensibility servers-of-happiness location newurls security globalcaps new daira defect normal
#2010 Implement shortcuts to caps usability newurls introducer security aliases new enhancement normal
#2024 downloader hangs when server returns empty string download hang denial-of-service security new defect normal
#2057 reproducible builds install security eggs new daira enhancement normal
#2100 passphrase-encrypt the aliases file aliases security capleak usability new daira enhancement normal
#2136 Use Content-Security-Policy to harden the WUI csp wui security xss javascript new daira defect normal
#2213 Make SFTP generate its own key sftp ssh-keygen usability security new enhancement normal
#2331 don't display capabilities without user explicitly asking for it security capleak assigned daira defect normal
#2369 Support encryptionless sftp using sftp-over-tcp performance security confidentiality integrity new HoverHell enhancement normal
#2421 connect tahoe-lafs repo to Docker Hub docker security github new warner defect normal
#2478 back up metadata from github (PRs, commit comments, etc.) github security new task normal
#2720 format_http_error leaks the URI security capleak new daira defect normal
#3878 Potential denial of service attack by rogue servers availability, security new defect normal
#982 grsec disallows tahoe from learning its own IP address security grsec iputil transparency new ioerror defect minor
#1039 Keys with passphrases for SFTP sftp security new nobody defect minor
#1410 sftp server listens on reachable IP addresses by default sftp security new defect minor
Note: See TracQuery for help on using queries.