Changes between Version 15 and Version 16 of Security


Timestamp:
2008-06-11T19:53:28Z (16 years ago)
Author:
zooko
Comment:

replace with link to docs/known_issues.txt (for now)

  • Security

    v15 v16  
    1 = Security Considerations =
    2 
    3 = General Security Properties of Tahoe =
    4 
    5 Please read [http://allmydata.org/source/tahoe/trunk/docs/about.html the about page] for a simple explanation of what security properties Tahoe offers.
    6 
    7 For technical details about how those properties are enforced, see the [source:docs/architecture.txt the architecture document].
    8 
    9 = Current Known Security Issues in Tahoe =
    10 
    11 as of January 8, 2008
    12 
    13  * potential exposure of a file through embedded hyperlinks or !JavaScript in that file
    14 
    15    If there is a file stored on a Tahoe storage grid, and that file gets downloaded and displayed in a web browser, then !JavaScript or hyperlinks within that file can leak the capability to that file to a third party, which means that third party gets access to the file.
    16 
    17    If there is !JavaScript in the file, then it could deliberately leak the capability to the file out to some remote listener.
    18 
    19    If there are hyperlinks in the file, and they get followed, then whichever server they point to receives the capability to the file.  Note that IMG tags are typically followed automatically by web browsers, so being careful which hyperlinks you click on is not sufficient to prevent this from happening.
    20 
    21    For future versions of Tahoe, we are considering ways to close off this leakage of authority while preserving ease of use -- the discussion of this issue is ticket #127.
    22 
    23    For the present, a good work-around is that if you want to store and view a file on Tahoe and you want that file to remain private, then remove from that file any hyperlinks pointing to other people's servers and remove any !JavaScript unless you are sure that the !JavaScript is not written to maliciously leak access.
     1Please see [source:docs/known_issues.txt].
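
Review bot: Removing v15 lines 3-7 drops the "General Security Properties of Tahoe" section and its links to the about page and the architecture document, which are not known issues and are not covered by the commit comment ("replace with link to docs/known_issues.txt"). Consider keeping v15 lines 1-8 and replacing only the "Current Known Security Issues in Tahoe" section (v15 lines 9-23) with the link. The new v16 line also tells a reader nothing about the issue itself: a one-sentence summary (a file viewed in a web browser can leak its capability to a third party through embedded hyperlinks, IMG tags or JavaScript) together with the pointer to ticket #127 would keep the warning and the work-around visible to someone who does not follow the link. The "as of January 8, 2008" date is removed without a replacement, so the page no longer says how current the information is.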