[tahoe-dev] How to use Caja to solve the same-origin policy hazard (hosting both webapps and untrusted content in Tahoe)

Kevin Reid kpreid at switchb.org
Sat Jul 30 14:02:19 UTC 2011


On Jul 30, 2011, at 4:50, Greg Troxel wrote:

> In your worldview, are there multiple WUIs?   I can see the desire to
> use tahoe as a backing store for a web server, but until there are
> redundant WUIs and the client can select among them - I don't see the
> point compared to just running apache with the content in tahoe.  And
> when the client can fail over among them, isn't that almost like having
> the client be a tahoe node?

My proposal says nothing about the number of gateways, and I was largely assuming the default Tahoe model of every user running their own gateway (everybody's localhost:whatever). This is not *just* to support the unhosted-web-app scenario, but also to protect a file-upload-and-download user working through the WUI (which is one of my current two personal use cases for Tahoe).

-- 
Kevin Reid                                  <http://switchb.org/kpreid/>




More information about the tahoe-dev mailing list