[tahoe-dev] [tahoe-lafs] #615: Can JavaScript loaded from Tahoe access all your content which is loaded from Tahoe?

tahoe-lafs trac at allmydata.org
Wed Oct 28 06:32:32 UTC 2009


#615: Can JavaScript loaded from Tahoe access all your content which is loaded
from Tahoe?
---------------------------+------------------------------------------------
     Reporter:  zooko      |        Type:  defect           
       Status:  new        |    Priority:  critical         
    Milestone:  undecided  |   Component:  code-frontend-web
      Version:  1.3.0      |    Keywords:  newcaps security 
Launchpad_bug:             |  
---------------------------+------------------------------------------------
Changes (by davidsarah):

  * keywords:  => newcaps security
  * priority:  major => critical


Comment:

 #821 (now reopened) describes a less serious security problem that would
 still be present even if every page had a distinct origin. Note that the
 fix suggested for that bug will only work if this one is also fixed, i.e.
 #821 is dependent on this bug.

 #127 seems to be almost exclusively about Referer header cap leakage, and
 I've changed its summary to reflect that.

-- 
Ticket URL: <http://allmydata.org/trac/tahoe/ticket/615#comment:5>
tahoe-lafs <http://allmydata.org>
secure decentralized file storage grid


More information about the tahoe-dev mailing list