[tahoe-dev] [tahoe-lafs] #98: Web API is vulnerable to XSRF attacks.

tahoe-lafs trac at allmydata.org
Wed Oct 28 03:51:46 UTC 2009


#98: Web API is vulnerable to XSRF attacks.
-----------------------------------+----------------------------------------
     Reporter:  nejucomo           |       Owner:  zooko   
         Type:  defect             |      Status:  closed  
     Priority:  major              |   Milestone:  0.5.1   
    Component:  code-frontend-web  |     Version:  0.4.0   
   Resolution:  fixed              |    Keywords:  security
Launchpad_bug:                     |  
-----------------------------------+----------------------------------------

Comment(by davidsarah):

 Note that JavaScript in a given file can still obtain the read URI for
 that file. In the case of a mutable file, this is more than least
 authority because it allows reading future versions. I will open a new bug
 about that.

-- 
Ticket URL: <http://allmydata.org/trac/tahoe/ticket/98#comment:22>
tahoe-lafs <http://allmydata.org>
secure decentralized file storage grid


More information about the tahoe-dev mailing list