Changes between Version 6 and Version 7 of Security


Ignore:
Timestamp:
2007-10-16T21:23:11Z (16 years ago)
Author:
zooko
Comment:

mention #127

Legend:

Unmodified
Added
Removed
Modified
  • Security

    v6 v7  
    33This page exists so that there is one page to read to learn about the security guarantees that Tahoe is designed to provide, as well as about any current known issues that might have security consequences.
    44
     5= Current Known Security Issues in Tahoe =
     6
     7There is currently one known issue in Tahoe that could have security implications.
     8
     9This issue is: if there is a file stored on a Tahoe storage grid, and that file gets downloaded and displayed in a web browser, and that file contains hyperlinks which get followed by the web browser, then the web server that those hyperlinks point to gets access to the file that the hyperlinks were in.  Remember that IMG tags typically get followed automatically, so it is not a complete defense against this problem to make sure that nobody who is viewing the page clicks on the hyperlinks.
     10
     11We are thinking about ways to close off this leakage of authority while preserving ease of use -- the ticket associated with this issue is ticket #127.
     12
     13In the meantime, a good work-around is to remove all hyperlinks pointing to external servers from any HTML file that you upload to a Tahoe grid, if you want the contents of the file to remain private.
     14
     15= General Security Properties of Tahoe =
    516
    617'''The following is not complete.'''