#3642 closed defect (fixed)

Address the GBS spec "TODO" regarding placement of storage index in the URL

Reported by: exarkun Owned by: exarkun
Priority: normal Milestone: Non-Foolscap communications
Component: unknown Version: n/a
Keywords: Cc:
Launchpad Bug:

Description

We considered making this ``POST /v1/immutable`` instead.
The motivation was to keep *storage index* out of the request URL.
Request URLs have an elevated chance of being logged by something.
We were concerned that having the *storage index* logged may increase some risks.
However, we decided this does not matter because the *storage index* can only be used to read the share (which is ciphertext).
TODO Verify this conclusion.

Update this with current thinking / conclusions / justifications and delete the TODO.

Change History (2)

comment:1 Changed at 2021-03-22T13:15:33Z by GitHub <noreply@…>

  • Resolution set to fixed
  • Status changed from new to closed

In 8ff9e4d/trunk:

Merge pull request #1007 from LeastAuthority?/3642.fix-gbs-todo

Fix the remaining GBS "TODO"

Fixes: ticket:3642

comment:2 Changed at 2021-05-02T18:51:23Z by maylee

  • Milestone changed from undecided to Non-Foolscap communications
Note: See TracTickets for help on using tickets.