[tahoe-dev] [tahoe-lafs] #127: Cap URLs leaked via HTTP Referer header

tahoe-lafs trac at tahoe-lafs.org
Sat Dec 25 00:15:58 UTC 2010


#127: Cap URLs leaked via HTTP Referer header
-----------------------------------+----------------------------------------
     Reporter:  warner             |       Owner:  davidsarah                                    
         Type:  defect             |      Status:  assigned                                      
     Priority:  major              |   Milestone:  1.9.0                                         
    Component:  code-frontend-web  |     Version:  0.7.0                                         
   Resolution:                     |    Keywords:  confidentiality integrity preservation capleak
Launchpad Bug:                     |  
-----------------------------------+----------------------------------------

Comment (by warner):

 Incidentally, someone told me the other day that any URLs sent through
 various google products (Google Talk the IM system, Gmail, anything you
 browse while the Google Toolbar is in your browser) gets spidered and
 added to the public index. The person couldn't think of any conventions
 (beyond robots.txt) to convince them to *not* follow those links, but they
 could think of lots of things to encourage their spider even more.

 I plan to do some tests of this (or just ask google's spider to tell me
 about tests which somebody else has undoubtedly performed already).

 I know, I know, it's one of those boiling the ocean things, it's really
 unfortunate that so many tools are so hostile to the really-convenient
 idea of secret URLs.

-- 
Ticket URL: <http://tahoe-lafs.org/trac/tahoe-lafs/ticket/127#comment:29>
tahoe-lafs <http://tahoe-lafs.org>
secure decentralized storage


More information about the tahoe-dev mailing list