[tahoe-dev] [tahoe-lafs] #995: It's way too easy to give away write directory caps
tahoe-lafs
trac at allmydata.org
Sun Mar 14 12:51:04 UTC 2010
#995: It's way too easy to give away write directory caps
-------------------------------------------+--------------------------------
Reporter: jsgf | Owner: nobody
Type: defect | Status: new
Priority: major | Milestone: undecided
Component: unknown | Version: 1.6.0
Keywords: wui usability confidentiality | Launchpad_bug:
-------------------------------------------+--------------------------------
Comment(by toby.murray):
What about when navigating to a RW directory cap, the WUI sets a cookie
containing the RW directory cap, then navigates the user to a generic URI
on the web node whose job it is to read the value of this cookie and then
display its contents as usual. This would allow one to view RW directories
but would prevent the RW cap appearing in the addresss bar.
One could then add 'share RW' and 'share RO' buttons to the WUI which
would then display the relevant URI for the user to copy-paste. The 'share
RO' button could be made more prominent, perhaps, than the RO button, so
that 'sharing RO' is easier to perform than 'sharing RW'.
--
Ticket URL: <http://allmydata.org/trac/tahoe/ticket/995#comment:5>
tahoe-lafs <http://allmydata.org>
secure decentralized file storage grid
More information about the tahoe-dev
mailing list