[tahoe-dev] [tahoe-lafs] #674: controlled access to your WUI

tahoe-lafs trac at allmydata.org
Tue Apr 28 04:06:57 UTC 2009


#674: controlled access to your WUI
-------------------------+--------------------------------------------------
 Reporter:  zooko        |           Owner:  nobody   
     Type:  enhancement  |          Status:  new      
 Priority:  major        |       Milestone:  undecided
Component:  unknown      |         Version:  1.3.0    
 Keywords:               |   Launchpad_bug:           
-------------------------+--------------------------------------------------

Comment(by nejucomo):

 A nitpick on which threat scenario this prevents:

 This prevents CSRF attacks which maliciously embed an easily guessable
 action-causing request into a context for the victim to consume.

 Whether or not JavaScript is used is irrelevant.  In particular,
 preventing CSRF attacks will not protect against malicious JavaScript
 which has the wapi as its origin.

 It *would* protect against CSRF attacks launched via JavaScript, as well
 as any other CSRF attacks from a _different_ origin.

 Additionally, the implementation should consider non-JavaScript CSRF
 attacks from *the same origin*.  For example, a request format of
 "http://$HOST:$PORT/$WUI_SECRET/uri/$FILE_READ_CAP" would *not* protect
 against relative URLs from the $HOST:$PORT origin (such as a malicious
 HTML page within a Tahoe grid).

 For this reason, it seems like file/directory retrieval URLs should not
 contain the $WUI_SECRET in their URL.  Their own cap already provides
 protection against forgery, and this prevents the relative path, same
 origin, CSRF.

-- 
Ticket URL: <http://allmydata.org/trac/tahoe/ticket/674#comment:1>
tahoe-lafs <http://allmydata.org>
secure decentralized file storage grid
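Added example (not part of the ticket, the comment above, or Tahoe-LAFS itself): the following Python shows why nejucomo's point holds. A browser resolves a relative link in a hosted HTML page against that page's own URL, so when the retrieval URL carries $WUI_SECRET the resolved link inherits the secret prefix, and when the retrieval URL is a bare /uri/$CAP it does not. It also sketches the routing rule the comment recommends: /uri/<cap> is authorised by the cap alone, everything else must sit under /<WUI_SECRET>/. Host, port, secret, cap and the relative link are constructed placeholders.

```python
"""Added example, not Tahoe-LAFS code: same-origin relative-link resolution
under two WUI URL designs, plus a routing check in the spirit of the comment.
All values below are constructed placeholders."""
import hmac
from urllib.parse import urljoin, urlsplit

HOST, PORT = "127.0.0.1", 3456            # constructed
WUI_SECRET = "EXAMPLE_WUI_SECRET"          # constructed placeholder, not a real secret
READ_CAP = "URI:CHK:examplereadcap"        # constructed placeholder, not a real cap
REL_LINK = "../other-endpoint"             # hypothetical relative link in hosted HTML


def retrieval_url(with_secret: bool) -> str:
    """URL at which a hosted HTML page is served under each design."""
    base = f"http://{HOST}:{PORT}/"
    if with_secret:
        return f"{base}{WUI_SECRET}/uri/{READ_CAP}"
    return f"{base}uri/{READ_CAP}"


def path_carries_secret(url: str) -> bool:
    """True if the URL's path still sits under the secret prefix."""
    segments = urlsplit(url).path.split("/")
    return len(segments) > 1 and hmac.compare_digest(segments[1], WUI_SECRET)


def resolve_from_hosted_page(with_secret: bool, rel: str = REL_LINK) -> str:
    """Resolve a relative link the way a browser does: against the hosted
    page's own URL (RFC 3986 reference resolution via urljoin)."""
    return urljoin(retrieval_url(with_secret), rel)


def same_origin_relative_link_inherits_secret(with_secret: bool) -> bool:
    """Does a relative link in a hosted page land back under /<WUI_SECRET>/?"""
    return path_carries_secret(resolve_from_hosted_page(with_secret))


def classify_request(path: str) -> str:
    """Server-side routing rule following the comment's recommendation:
    - /uri/<cap> retrieval is authorised by the cap itself (no secret);
    - any other request must be under /<WUI_SECRET>/, else it is rejected.
    The secret comparison is constant-time to avoid a timing side channel."""
    segments = [s for s in path.split("/") if s]
    if len(segments) >= 2 and segments[0] == "uri":
        return "retrieval"
    if len(segments) >= 2 and hmac.compare_digest(segments[0], WUI_SECRET):
        return "action"
    return "rejected"


if __name__ == "__main__":
    for design in (True, False):
        print(retrieval_url(design), "->", resolve_from_hosted_page(design),
              "| link inherits secret:",
              same_origin_relative_link_inherits_secret(design))
```

Running it prints the resolved link for both designs; only the secret-prefixed design leaves the relative link inside the /<WUI_SECRET>/ namespace, which is the same-origin case the comment warns about.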


More information about the tahoe-dev mailing list