id summary reporter owner description type status priority milestone component version resolution keywords cc launchpad_bug 861 Any node interface available on a public exposes confidential grid info imhavoc somebody "Any node that is available on an exposed IP address publishes the introducer furl and the helper furl (if attached) to the world. This results in anyone discovering the address of an exposed node being able to attach to a grid and a helper. This could result in unlimited abuse. If one wanted to store files on their grid, then publish specific files to the net, a public node is required. Once that node is published, finding the furls is trivial. Example: Zooko's blog hosted on the !TestGrid: http://testgrid.allmydata.org:3567/uri/URI:DIR2-RO:j74uhg25nwdpjpacl6rkat2yhm:kav7ijeft5h7r7rxdp5bgtlt3viv32yabqajkrdykozia5544jqa/wiki.html#2009-12-15 Going to the root of the node: http://testgrid.allmydata.org:3567/ Introducer: {{{ pb://todjw7qkb4dgq4fkeo7cqydcu5vneioh@tahoecs2.allmydata.com:52106/introducer Connected to introducer?: yes }}} This happens to be a wonderful feature for the !TestGrid, but a easy point of attack for anyone with a ""closed"" or ""limited"" grid." defect closed major undecided code-frontend-web 1.5.0 duplicate privacy security