[tahoe-dev] web "control panel"

Chris Palmer chris at noncombatant.org
Wed Jan 26 03:40:15 UTC 2011


Brian Warner writes:

> But "safe" != "public". Part of the control panel may (side-effect-freely)
> show information that's supposed to be private to the node operator, like
> comments they've entered about other servers, or their remaining $ balance
> with a commercial server operator. It sounds like the usual framework's
> reliance upon ambient cookies leaves this uncovered, or assumes that
> Same-Origin-Policy protects them because the usual ways to avoid it don't
> make it easy to get data back out. Hrm.

I don't know what you mean. Safeness, idempotence, and publicness are
orthogonal.

> > <a onclick="deleteAccount()">Delete Account</a>
> 
> Hrm, so mandatory JS. I'll think about it.

I found another option:

<style>
.foo {
      text-decoration: underline;
      text-color: blue;
      border: 0px solid;
      color: blue;
      background-color: white;
      font-size: 100%;
}
</style>

<form method=POST>
<input type="hidden" name="goat" value="yes" />
<input class="foo" type="submit" name="noodle" value="noodle" />
</form>


-- 
http://noncombatant.org/




More information about the tahoe-dev mailing list