#587 new defect

Web nodes provide ambient upload authority — at Version 12

Reported by: toby.murray
Owned by: davidsarah
Priority: major
Milestone: soon
Component: code-frontend-web
Version: 1.2.0
Keywords: upload security accounting LeastAuthority.com websec
Cc: vikarti@…
Launchpad Bug:

Description (last modified by zooko)

Under the current webapi, nodes offer ambient upload authority to any host that can send them web requests. There are deployment scenarios for Tahoe in which this behaviour is undesirable.

A means to disable this behaviour would be useful. In particular, being able to turn this behaviour off via a setting in tahoe.cfg could be good.

Discussion surrounding this issue can be found in the thread starting here: http://allmydata.org/pipermail/tahoe-dev/2009-January/001015.html
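The distinction the description draws, as an added example (not the patch attached to this ticket and not Tahoe-LAFS code): a PUT or POST to the bare `/uri` endpoint creates new data with no capability presented, so it is authorised only by being able to reach the gateway, while a write under `/uri/<cap>/...` is authorised by the cap in the URL. Placing `web.ambient_upload_authority` in the `[node]` section, the choice of which requests the setting gates, and the function names are all assumptions.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample tahoe.cfg; the [node] section for this key is an assumption.
SAMPLE_CFG = """
[node]
web.port = tcp:3456:interface=127.0.0.1
web.ambient_upload_authority = false
"""

def ambient_upload_enabled(cfg_text):
    """Read the setting; a missing key or section keeps the current
    behaviour described in the ticket (ambient upload enabled)."""
    cp = configparser.ConfigParser()
    cp.read_string(cfg_text)
    return cp.getboolean("node", "web.ambient_upload_authority", fallback=True)

def is_ambient_upload(method, url):
    """True when the request would create data without presenting a cap.

    PUT/POST to the bare /uri endpoint (unlinked upload or mkdir) names no
    existing object, so nothing in the request carries authority.
    A path of the form /uri/<cap>/... carries the cap and is not ambient.
    """
    if method.upper() not in ("PUT", "POST"):
        return False
    path = urlsplit(url).path
    return path.rstrip("/") == "/uri"

def request_allowed(cfg_text, method, url):
    """Hypothetical gateway policy: refuse ambient uploads when disabled."""
    if is_ambient_upload(method, url):
        return ambient_upload_enabled(cfg_text)
    return True

if __name__ == "__main__":
    for method, url in [("PUT", "/uri"),
                        ("POST", "/uri?t=upload"),
                        ("PUT", "/uri/URI:DIR2:placeholder/file.txt"),
                        ("GET", "/uri")]:
        verdict = "allow" if request_allowed(SAMPLE_CFG, method, url) else "refuse"
        print(f"{method:4} {url:40} -> {verdict}")
```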

Change History (14)

Changed at 2009-01-17T01:49:50Z by toby.murray

A patch to add 'web.ambient_upload_authority' as a parameter to tahoe.cfg

Changed at 2009-01-17T01:50:30Z by toby.murray

A test case for this configuration parameter with one test for each of its two boolean states

comment:1 Changed at 2009-01-18T15:45:04Z by zooko

  • Owner set to zooko
  • Status changed from new to assigned

Thanks! I'm looking at your patch.

comment:2 Changed at 2009-01-18T17:24:58Z by zooko

  • Resolution set to fixed
  • Status changed from assigned to closed

fixed by 66f83c7356a79978. I have some more questions about this topic which I'll post to the mailing list.

comment:3 Changed at 2010-04-25T20:35:33Z by francois

  • Resolution fixed deleted
  • Status changed from closed to reopened

comment:4 Changed at 2010-04-26T11:26:48Z by francois

The patch has been reverted by Zooko.

comment:5 Changed at 2010-06-12T22:18:50Z by davidsarah

  • Keywords upload security accounting added

comment:6 Changed at 2011-01-06T08:13:15Z by davidsarah

See #1215 (add CORS support), which is blocked by at least this issue.

comment:7 Changed at 2011-07-31T04:48:38Z by davidsarah

See also #1455, about UI redressing attacks on the ambiently accessible pages.

comment:8 Changed at 2011-12-12T04:13:43Z by davidsarah

  • Keywords lae added
  • Milestone changed from undecided to 1.10.0
  • Owner changed from zooko to davidsarah
  • Status changed from reopened to new

In LAE's Tahoe-LAFS-on-S3 service (and possibly other cases when we have accounting), a customer who made a public gateway accessible would have to pay for storage of any files uploaded via that gateway, which puts a real cramp on sharing.

comment:9 Changed at 2011-12-12T04:14:01Z by davidsarah

  • Status changed from new to assigned

comment:10 Changed at 2012-02-12T05:13:22Z by vikarti

  • Cc vikarti@… added

comment:11 Changed at 2013-01-04T20:29:07Z by zooko

  • Keywords LeastAuthority.com added; lae removed

comment:12 Changed at 2013-09-14T17:39:34Z by zooko

  • Description modified (diff)
  • Keywords websec added