[tahoe-dev] Tahoe WUI enhancement suggestion

till tilllt at yahoo.com
Tue Jun 18 10:18:22 UTC 2013


So, 

excuse my lack of knowledge on XSS and web security in general: So it makes no difference if the WUI just has access to the alias names without their URIs and the tahoe process looks them up for you? I still don't understand why, i.e. typing an alias into the "open directory" field on the WUI instead of directly putting its URI is different, security-wise.

From a usability point of view: Now I have to keep a list of URIs of my directories somewhere to copy & paste them if I want access to them. I can define them in the alias file and "cat aliases" whenever I want to access them in the WUI, but then I am at the CLI already and could do my tahoe stuff from there. So in what way do you imagine the average user to have his/her URIs available, carrying around a USB drive with a list on it, which probably should be encrypted itself?

cheers,
t.
 


On Jun 18, 2013, at 7:46 AM, Tony Arcieri wrote:

> BTW, you might check out oasis.js: capabilities-based sandboxing for the web with polyfills for older browsers:
> 
> http://oasisjs.com/
> 
> 
> On Mon, Jun 17, 2013 at 8:15 PM, Tony Arcieri <tony.arcieri at gmail.com> wrote:
> On Mon, Jun 17, 2013 at 6:53 PM, Daira Hopwood (formerly David-Sarah) <davidsarah at leastauthority.com> wrote:
> If the aliases list is at a known URL, then any content in the same origin
> could access all of the aliases.
> 
> Okay, that's a valid concern, thanks. And I hope you can implement <iframe sandbox> soon, browser support permitting
> 
> -- 
> Tony Arcieri
> 
> 
> 
> -- 
> Tony Arcieri
