[tahoe-dev] web "control panel"
chris at noncombatant.org
Wed Jan 26 03:40:15 UTC 2011
Brian Warner writes:
> But "safe" != "public". Part of the control panel may (side-effect-freely)
> show information that's supposed to be private to the node operator, like
> comments they've entered about other servers, or their remaining $ balance
> with a commercial server operator. It sounds like the usual framework's
> reliance upon ambient cookies leaves this uncovered, or assumes that
> Same-Origin-Policy protects them because the usual ways to avoid it don't
> make it easy to get data back out. Hrm.
I don't know what you mean. Safeness, idempotence, and publicness are
> > <a onclick="deleteAccount()">Delete Account</a>
> Hrm, so mandatory JS. I'll think about it.
I found another option:
border: 0px solid;
<input type="hidden" name="goat" value="yes" />
<input class="foo" type="submit" name="noodle" value="noodle" />
More information about the tahoe-dev