[tahoe-dev] [tahoe-lafs] #995: It's way too easy to give away write directory caps

tahoe-lafs trac at allmydata.org
Sun Mar 14 18:33:08 UTC 2010 

#995: It's way too easy to give away write directory caps
------------------------------------------------+---------------------------
 Reporter:  jsgf                                |           Owner:  nobody   
     Type:  defect                              |          Status:  new      
 Priority:  major                               |       Milestone:  undecided
Component:  code-frontend-web                   |         Version:  1.6.0    
 Keywords:  wui jsui usability confidentiality  |   Launchpad_bug:           
------------------------------------------------+---------------------------
Changes (by davidsarah):

  * component:  unknown => code-frontend-web


Comment:

 Replying to [comment:6 davidsarah]:
 > I don't see any reason not to put a RO-shareable URI in the address bar.
 That's easy to do in a !JavaScript UI, for example by putting the cap in a
 fragment so that it doesn't cause a page reload (http://maps.yahoo.com
 uses this approach). Putting the cap in a fragment also fixes #127 and
 #907, without any loss of usability.

 I also meant to point out that RW URIs are still shareable in this
 approach: if the fragment contains a RW URI, the script would immediately
 change it to a RO URI in the address bar, but remember the original URI
 for use in XMLHttpRequests.

 (This part of the script should be included directly in the document
 <head> so that it loads quickly even when not cached.)

 I've just been looking at the implementation of Toby's
 [http://allmydata.org/pipermail/tahoe-dev/2010-March/004137.html Tahoe
 Explorer]. It seems very well-written and quite suitable to be included in
 Tahoe proper, so that we could adapt it to be a more secure replacement
 for the existing WUI.

 However, it depends on Cajita which is under the
 [http://www.apache.org/licenses/LICENSE-2.0 Apache License, Version 2.0],
 which is [http://www.apache.org/licenses/GPL-compatibility.html not
 GPLv2-compatible]. It is GPLv3-compatible in the direction we need, but
 either Tahoe would need to change to GPLv3 (or include an exception to
 allow linking with the Cajita runtime), or Caja/Cajita would need to
 change to be GPLv2/Apache dual-licensed. How irritating :-(

-- 
Ticket URL: <http://allmydata.org/trac/tahoe/ticket/995#comment:7>
tahoe-lafs <http://allmydata.org>
secure decentralized file storage grid

More information about the tahoe-dev mailing list