[tahoe-dev] Fwd: [cap-talk] Don't put capabilities in argv?

Brian Warner warner-tahoe at allmydata.com
Wed Jul 23 19:19:57 UTC 2008


On Tue, 22 Jul 2008 21:09:30 -0600
zooko <zooko at zooko.com> wrote:

> (Re-adding the cap-talk mailing list because they might be
> interested in the general question of what sorts of command-line
> tools could be invented to manage caps.)

Since a common use case is going to be:

 tahoe mkdir   # prints out URI:DIR2:ovjy4yhylq:4d4f47qko..
 tahoe add-alias home: URI:DIR2:ovjy4yhylq:4d4f47qko..
 tahoe ls home:
 tahoe put stuff home:other-stuff

We could just combine the first two steps:

 tahoe create-alias home:
 tahoe ls home:
 tahoe put stuff home:other-stuff

and never show the cap to the user at all (unless they ask for it
later, with "tahoe show-aliases"). Of course I'm still highly in favor
of retaining the "tahoe ls URI:DIR2:..." form, because that is awfully
convenient for one-off usage (looking at a file or directory that
someone has passed you through email), and because it reinforces the
notion that "home:" is really just an alias for some particular
URI:DIR2:... string.

This feels similar to the idea from web-browser login security that
some of our community's password-generating tools use: if you're using
your browser as a trusted agent anyways, let it remember the password
for you, so it can have more entropy and only be sent to the right
place. The user can't accidentally reveal that which they don't know,
and reducing the need to pass a secret around will reduce the
opportunities for accidents.

cheers,
 -Brian
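
The combined create-alias step described in the message above, as an added example that is not part of the original post and is not Tahoe's own code: the new cap is written straight to an owner-only alias file and later looked up by name, so it is never printed or typed on a command line. The file layout and the names create_alias, resolve and fake_dir_cap are assumptions made for illustration.

```python
import os
import secrets

ALIAS_FILE_MODE = 0o600  # owner read/write only


def load_aliases(path):
    """Return {alias: cap} from a 'name: cap' file; a missing file means no aliases."""
    aliases = {}
    if os.path.exists(path):
        with open(path) as f:
            for line in f:
                line = line.strip()
                if line and not line.startswith("#"):
                    name, cap = line.split(": ", 1)
                    aliases[name] = cap
    return aliases


def create_alias(path, name, make_dir_cap):
    """mkdir + add-alias in one step: the new cap goes straight into the
    alias file and is never printed or returned to the caller."""
    name = name.rstrip(":")
    if name in load_aliases(path):
        raise ValueError("alias %r already exists" % name)
    cap = make_dir_cap()
    # Create with mode 0600 so the file is never readable by other users.
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, ALIAS_FILE_MODE)
    with os.fdopen(fd, "a") as f:
        f.write("%s: %s\n" % (name, cap))


def resolve(path, target):
    """Expand 'home:other-stuff' to (cap, 'other-stuff'); raw URI: caps pass through."""
    if target.startswith("URI:"):
        cap, _, rest = target.partition("/")
        return cap, rest
    name, sep, rest = target.partition(":")
    aliases = load_aliases(path)
    if not sep or name not in aliases:
        raise KeyError("unknown alias: %r" % target)
    return aliases[name], rest


def fake_dir_cap():
    # Constructed stand-in for the node creating a directory; not a real cap.
    return "URI:DIR2:%s:%s" % (secrets.token_hex(8), secrets.token_hex(16))
```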


