[tahoe-dev] XSRF attacks -- we need to do something about v0.5

[zooko]

By the way, it occurred to me that if the tahoe client didn't  
automatically map for you from the string "private" to the uri of  
your private vdrive's top-level directory, then this attack would not  
be able to disclose your confidential data.

So, for example, we *could* patch v0.5 by removing that mapping!

I'm not actually suggesting that we do this.  For one thing, it  
wouldn't prevent this attack from deleting your public data.  For  
another thing, people really benefit from being able to use the word  
"private" instead of a large random URI to refer to their private data.

Regards,

Zooko