[tahoe-dev] [tahoe-lafs] #821: A script in a file viewed through the WUI can obtain the file's read cap
tahoe-lafs
trac at allmydata.org
Wed Oct 28 04:36:19 UTC 2009
#821: A script in a file viewed through the WUI can obtain the file's read cap
-------------------------------+--------------------------------------------
Reporter: davidsarah | Owner:
Type: defect | Status: new
Priority: major | Milestone: undecided
Component: code-frontend-web | Version: 1.5.0
Keywords: newcaps security | Launchpad_bug:
-------------------------------+--------------------------------------------
Comment(by davidsarah):
I believe this issue also applies to other scriptable file formats such as
PDF and Flash.
Possible solution:
If the NewCapDesign implements versioned read caps (i.e. read caps that
only give access to a specific version of a mutable file), then that would
allow versioned read URLs to be used by default by the WUI.
That would also have the side effect that cutting-and-pasting an URL from
the address bar would only give access to a single file version by default
(and the versioned URLs could also provide collision resistance). I'm not
sure whether that is what users would expect, but it is a safer default.
I think this would have to work by having the gateway perform an HTTP
redirect from the unversioned read URL to the versioned one (probably
conditional on a parameter in the URL). The parent directory listing
cannot directly link to the versioned URLs because that would require
reading every file in the listing, which would be too inefficient.
--
Ticket URL: <http://allmydata.org/trac/tahoe/ticket/821#comment:1>
tahoe-lafs <http://allmydata.org>
secure decentralized file storage grid
More information about the tahoe-dev
mailing list