#587 new defect

Web nodes provide ambient upload authority — at Initial Version

Reported by: toby.murray
Owned by:
Priority: major
Milestone: soon
Component: code-frontend-web
Version: 1.2.0
Keywords: upload security accounting LeastAuthority.com websec
Cc: vikarti@…
Launchpad Bug:

Description

Under the current webapi, nodes offer ambient upload authority to any host that can send them web requests. There are deployment scenarios for Tahoe in which this behaviour is undesirable.

A means to disable this behaviour would be useful. In particular, being able to turn this behaviour off via a setting in tahoe.cfg could be good.

Discussion surrounding this issue can be found in the thread starting here: http://allmydata.org/pipermail/tahoe-dev/2009-January/001015.html

Change History (2)

Changed at 2009-01-17T01:49:50Z by toby.murray

A patch to add 'web.ambient_upload_authority' as a parameter to tahoe.cfg

Changed at 2009-01-17T01:50:30Z by toby.murray

A test case for this configuration parameter with one test for each of its two boolean states
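The gate this ticket asks for, as an added sketch that is not the attached patch or Tahoe's own code: it reads `web.ambient_upload_authority` from tahoe.cfg and refuses uploads that name no capability when the flag is off, covering both boolean states. Assumptions: the option sits in the `[node]` section, only cap-less `PUT`/`POST` requests to `/uri` count as ambient uploads, refusal is reported as 403, and the helper names and sample capability string are hypothetical.

```python
import configparser

# Constructed tahoe.cfg fragments. Placing the option in [node] is an assumption.
CFG_DEFAULT = "[node]\nweb.port = tcp:3456:interface=127.0.0.1\n"
CFG_DISABLED = CFG_DEFAULT + "web.ambient_upload_authority = false\n"

# Constructed placeholder, not a real capability string.
SAMPLE_DIRCAP = "URI:DIR2:example-writecap"


def ambient_upload_enabled(cfg_text):
    """Return the flag; a missing option keeps today's behaviour (enabled)."""
    cp = configparser.ConfigParser()
    cp.read_string(cfg_text)
    return cp.getboolean("node", "web.ambient_upload_authority", fallback=True)


def is_ambient_upload(method, path):
    """True when an upload names no capability and so relies on the node's own
    authority (assumed here to be PUT or POST to the bare /uri resource)."""
    resource = path.split("?", 1)[0].rstrip("/")
    return method.upper() in ("PUT", "POST") and resource == "/uri"


def authorize(cfg_text, method, path):
    """Return the HTTP status this hypothetical gate would answer with."""
    if is_ambient_upload(method, path) and not ambient_upload_enabled(cfg_text):
        return 403  # refusal status is an assumption of this sketch
    return 200


if __name__ == "__main__":
    requests = [
        ("PUT", "/uri"),
        ("POST", "/uri?t=upload"),
        ("PUT", "/uri/" + SAMPLE_DIRCAP + "/file.txt"),
        ("GET", "/uri"),
    ]
    for label, cfg in (("default", CFG_DEFAULT), ("disabled", CFG_DISABLED)):
        for method, path in requests:
            print(label, method, path, authorize(cfg, method, path))
```
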
