Changes between Version 5 and Version 6 of Ticket #1737


Ignore:
Timestamp:
2015-04-12T22:46:10Z (10 years ago)
Author:
daira
Comment:

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #1737 – Description

    v5 v6  
    1313* {{{measure_peer_response_time()}}}
    1414
    15 Daira argues that it provides excess authority, specifically due to the fact that the upload/download methods accept local filenames
    16 (like {{{remote_upload_from_file_to_uri()}}} which accepts a local disk filename and uploads it to the grid, returning the filecap, which could be used to upload e.g. {{{~/.tahoe/private/aliases}}}. This makes it
    17 unsafe to share {{{control.furl}}} with anyone who is not supposed to get control of the user account running the node.
     15Daira argues that it provides excess authority, specifically due to the fact that the upload/download methods accept local filenames (like {{{remote_upload_from_file_to_uri()}}} which accepts a local disk filename and uploads it to the grid, returning the filecap, which could be used to upload e.g. {{{~/.tahoe/private/aliases}}}. This makes it unsafe to share {{{control.furl}}} with anyone who is not supposed to get control of the user account running the node.
    1816
    1917Daira would like to remove it. To do that, we'd need to either give up the automated performance and memory-footprint tests, or find a way to rewrite them (which would probably mean adding new authorities into the HTTP-based webapi, at least for get_memory_usage() and measure_peer_response_time()).