Custom Query (102 matches)

Filters
 
Or
 
  
 
Or
 
  
 
Or
 
  
 
Or
 
  
 
Or
 
  
 
Or
 
  
 
Columns

Show under each result:


Results (1 - 100 of 102)

1 2

Priority: critical (2 matches)

Ticket Summary Keywords Status Owner Type Priority
#615 Can JavaScript loaded from Tahoe access all your content which is loaded from Tahoe? newcaps confidentiality integrity preservation capleak gsoc websec assigned davidsarah defect critical
#2222 make a FAQ describing the impact of heartbleed on Tahoe-LAFS security integrity confidentiality pyopenssl heartbleed docs assigned marlowe defect critical

Priority: major (63 matches)

Ticket Summary Keywords Status Owner Type Priority
#127 Cap URLs leaked via HTTP Referer header confidentiality integrity preservation capleak research websec assigned davidsarah defect major
#308 add directory traversal / deep-verify capability? vdrive newcaps verify repair privacy anonymity research new enhancement major
#366 address Nathan Wilcox's concerns about "Tahoe and the browser security model" security capleak docs websec new nejucomo defect major
#465 add a mutable-file cache performance cache mutable confidentiality memory new enhancement major
#467 allow the user to specify which servers a given gateway will use for uploads availability preservation cache anti-censorship placement backend rollback add-only new leif enhancement major
#492 mutable files: add ciphertext hash tree to signature block newcaps security integrity forward-compatibility backward-compatibility mutable new zooko defect major
#562 add a "censor" command to filter out sensitive information from log files privacy logging confidentiality new somebody defect major
#568 make immutable check/verify/repair and mutable check/verify work given only a verify cap confidentiality verify repair usability tahoe-check wui anti-censorship excess-authority new daira defect major
#587 Web nodes provide ambient upload authority upload security accounting LeastAuthority.com websec new daira defect major
#625 Can't repair read-only dirnodes/mutable-files confidentiality integrity preservation verify repair newcaps tahoe-backup usability anti-censorship excess-authority assigned warner defect major
#635 'tahoe make-tarball' command backup metadata symlink usability security new enhancement major
#674 controlled access to your WUI wui confidentiality privacy anti-censorship websec new nobody enhancement major
#685 [needs test] Capability of interrupted downloads is logged in twistd.log logging memory privacy confidentiality test-needed new somebody defect major
#725 We should whine if we're running as root. easy security usability unix test-needed assigned davidsarah enhancement major
#753 use longer storage index / cap for collision resistance newcaps security new defect major
#794 create DSA writecaps from a passphrase newcaps newurls usability confidentiality integrity new enhancement major
#821 A script in a file viewed through the WUI can obtain the file's read cap newcaps newurls confidentiality capleak websec assigned davidsarah defect major
#827 Put file download links ('?save=true') in WUI directory listings security usability capleak docs download easy assigned davidsarah defect major
#840 Allow all CLI commands to take arguments from stdin or a file, to avoid caps being visible to other local users security confidentiality integrity usability new enhancement major
#847 create internal VerifierNode/RepairerNode classes confidentiality integrity verify repair new somebody task major
#865 Document current crypto and encoding in detail docs security new ioerror task major
#870 Prevent socket hijacking on OSes that don't prevent it by default (Windows) security integrity confidentiality privacy windows foolscap twisted docs assigned davidsarah defect major
#922 The URL of the info page for an unknown dirnode should not grant authority to the containing directory capleak integrity confidentiality newurls assigned davidsarah defect major
#947 Add file-with-metadata caps newcaps newurls mutable immutable metadata rollback assigned davidsarah enhancement major
#954 revocable write authority integrity capleak forward-compatibility newcaps revocation research new enhancement major
#955 use client-side storage to defend against rollback attack integrity newcaps rollback new enhancement major
#956 embed security metadata in parent directory mutable newcaps newurls metadata forward-compatibility rollback revocation new enhancement major
#957 embed security metadata in URL newcaps newurls integrity redirect rollback new somebody enhancement major
#958 LAFS 301 Moved Permanently forward-compatibility backward-compatibility integrity newcaps newurls http sftp ftpd smb availability security revocation rollback research new enhancement major
#971 "Humanized failures" should still have a traceback, hidden by default error privacy anonymity assigned davidsarah enhancement major
#981 chroot support? security twisted chroot install new somebody enhancement major
#994 support precompressed files compression space-efficiency performance bandwidth security integrity backward-compatibility new somebody enhancement major
#995 It's way too easy to give away write directory caps wui jsui usability confidentiality capleak websec new nobody defect major
#997 The webapi/WUI should have https enabled by default confidentiality wui webapi capleak new nobody defect major
#1008 Unhandled error conditions disclose detailed information wui security privacy anonymity logging error anti-censorship new defect major
#1136 don't run a web-API frontend if you don't need one security websec new somebody enhancement major
#1141 Cannot Delete Or Rename Files/Directories With Wacky Names undeletable junk names delete websec assigned davidsarah defect major
#1142 Unlikely XSS Potential in File Names in WUI security xss html names wui new nobody defect major
#1144 Loopy/Uninhibited/Overlarge Filename Makes Web Server Crump security names wui new nobody defect major
#1164 use ChaCha⊕AES encryption confidentiality new somebody enhancement major
#1176 webapi should avoid using plaintext temporary file for uploads confidentiality new defect major
#1198 Bogus tub location causes introducer error error introducer security DoS new defect major
#1213 Should support change of hash functions security forward-compatibility integrity new somebody task major
#1215 add CORS support security http same-origin cors websec new enhancement major
#1234 UnrecoverableFileError message should say which file it refers to error usability capleak assigned davidsarah defect major
#1254 eliminate use of urllib.urlopen in check_load security capleak assigned davidsarah defect major
#1290 replace all use of pickles with JSON security pickle json new somebody defect major
#1368 make the added convergence secret be a per-file configuration defaults usability confidentiality convergence new nobody defect major
#1422 https node.url is not verified by httplib https security integrity confidentiality new nobody defect major
#1447 add read-only mode for gateways readonly gateway security testgrid cloud-backend multiuser-gateway new zooko enhancement major
#1570 S3 backend: support streaming writes to immutable shares security anti-censorship streaming performance memory s3 cloud-backend storage new defect major
#1649 WUI: the error message page for a writeable file/directory nonobviously includes the write cap usability security capleak websec assigned davidsarah defect major
#1665 Brainstorm webapi vulnerabilities between the operator and a user and between users. docs security webapi introducer accounting status websec multiuser-gateway new task major
#1697 there is no test covering password-checking for SFTP or FTP tests sftp ftpd password security assigned daira defect major
#1797 WUI: view content in an HTML5 sandboxed iframe wui security usability javascript sandbox same-origin websec new defect major
#1798 Segregate gateway HTTP ports: one for raw bytes and one for generated WUI pages wui same-origin security capleak new freddyb defect major
#1859 Proof-of-concept attack: Upload and execute attacker controlled js from any domain. security javascript same-origin capleak websec new davidsarah defect major
#2037 cloud/S3 backend fails to redact ProductToken and UserToken from S3 error messages security logging s3 cloud-backend ticket999-S3-backend blocks-cloud-deployment assigned daira defect major
#2055 Building tahoe safely is non-trivial install security eggs pip setuptools packaging new daira defect major
#2090 Don't expose URIs after failed CLI commands easy security capleak error cli new daira defect major
#2214 DOS defect concerning forged shares DOS security verify tahoe-check new daira defect major
#2364 Clients in onion grid busy-wait if a storage node is unreachable availability reliability anti-censorship tor-protocol anonymity new defect major
#2385 node web server should use DHE/ECDHE suites automatically security websec https forward-secrecy twisted new j3i enhancement major

Priority: normal (30 matches)

Ticket Summary Keywords Status Owner Type Priority
#925 Information leak to holders of a directory read cap, about whether each dir entry is writeable and the length of its write cap backward-compatibility privacy security assigned daira defect normal
#1408 accounting using bitcoins bitcoin accounting performance leases security new somebody defect normal
#1415 WUI is more useful than CLI security privacy capleak integrity confidentiality new defect normal
#1535 Allow restricting Tahoe-LAFS gateway to one user by supporting Unix sockets wui cli socket unix security confidentiality integrity capleak new enhancement normal
#1694 package client and server separately performance security packaging p2p new somebody enhancement normal
#1890 submit proposal for restrict-referrer-leakage to the CSP standardizers and implementors referer referrer standards capleak research assigned davidsarah task normal
#1907 Tor over Tahoe-LAFS mutable tor-protocol privacy rollback performance joke new enhancement normal
#1942 replace google chart in wui with d3.js: it leaks information anonymity privacy security websec tor-protocol i2p new nobody task normal
#1946 consider removing some st_* fields from metadata privacy anonymity new defect normal
#1989 foolscap: "an inbound callRemote ... failed" log entries include all arguments memory confidentiality capleak logging foolscap new warner defect normal
#2009 One Grid to Rule Them All extensibility servers-of-happiness location newurls security globalcaps new daira defect normal
#2010 Implement shortcuts to caps usability newurls introducer security aliases new enhancement normal
#2018 padding to hide the size of plaintexts confidentiality privacy compression newcaps research new nejucomo enhancement normal
#2024 downloader hangs when server returns empty string download hang denial-of-service security new defect normal
#2057 reproducible builds install security eggs new daira enhancement normal
#2100 passphrase-encrypt the aliases file aliases security capleak usability new daira enhancement normal
#2136 Use Content-Security-Policy to harden the WUI csp wui security xss javascript new daira defect normal
#2142 How to enhance WebUI default security against capability eavesdropping? websec confidentiality privacy wui webapi docs new amontero enhancement normal
#2213 Make SFTP generate its own key sftp ssh-keygen usability security new enhancement normal
#2331 don't display capabilities without user explicitly asking for it security capleak assigned daira defect normal
#2335 clients shouldn't need to have persistent id anonymity privacy accounting foolscap new enhancement normal
#2369 Support encryptionless sftp using sftp-over-tcp performance security confidentiality integrity new HoverHell enhancement normal
#2401 authentication via proxy breaks "tahoe backup" authentication wui webapi http websec new defect normal
#2402 serve static files under a common URL static wui websec assigned daira enhancement normal
#2421 connect tahoe-lafs repo to Docker Hub docker security github new warner defect normal
#2478 back up metadata from github (PRs, commit comments, etc.) github security new task normal
#2589 Magic Folder: eliminate need for a single inviter that has excess authority magic-folder security usability cli new daira defect normal
#2720 format_http_error leaks the URI security capleak new daira defect normal
#2828 address remaining anonymity-violating linkages anonymity new defect normal
#2837 create-node --listen=tor hangs with tor-0.2.8.8 anonymity tor new defect normal

Priority: minor (5 matches)

Ticket Summary Keywords Status Owner Type Priority
#57 logging: compress/truncate/encode/decode/format for human readability and privacy logging privacy anonymity new warner enhancement minor
#907 Stop caps from leaking to phishing-filter servers capleak integrity confidentiality forward-compatibility newurls docs websec assigned davidsarah defect minor
#982 grsec disallows tahoe from learning its own IP address security grsec iputil transparency new ioerror defect minor
#1007 HTTP proxy support for node to node communication privacy anonymity firewall foolscap anti-censorship i2p new davidsarah enhancement minor
#1039 Keys with passphrases for SFTP sftp security new nobody defect minor
(more results for this group on next page)
1 2
Note: See TracQuery for help on using queries.