[tahoe-dev] [tahoe-lafs] #821: A script in a file viewed through the WUI can obtain the file's read cap

tahoe-lafs trac at allmydata.org
Wed Oct 28 04:36:19 UTC 2009

#821: A script in a file viewed through the WUI can obtain the file's read cap
 Reporter:  davidsarah         |           Owner:           
     Type:  defect             |          Status:  new      
 Priority:  major              |       Milestone:  undecided
Component:  code-frontend-web  |         Version:  1.5.0    
 Keywords:  newcaps security   |   Launchpad_bug:           

Comment(by davidsarah):

 I believe this issue also applies to other scriptable file formats such as
 PDF and Flash.

 Possible solution:

 If the NewCapDesign implements versioned read caps (i.e. read caps that
 only give access to a specific version of a mutable file), then that would
 allow versioned read URLs to be used by default by the WUI.

 That would also have the side effect that cutting-and-pasting an URL from
 the address bar would only give access to a single file version by default
 (and the versioned URLs could also provide collision resistance). I'm not
 sure whether that is what users would expect, but it is a safer default.

 I think this would have to work by having the gateway perform an HTTP
 redirect from the unversioned read URL to the versioned one (probably
 conditional on a parameter in the URL). The parent directory listing
 cannot directly link to the versioned URLs because that would require
 reading every file in the listing, which would be too inefficient.

Ticket URL: <http://allmydata.org/trac/tahoe/ticket/821#comment:1>
tahoe-lafs <http://allmydata.org>
secure decentralized file storage grid

More information about the tahoe-dev mailing list