Less of a "here's my experience" than a summary of earlier conversations with various people, but still perhaps relevant or helpful:
0) Venti contains neither authentication nor authorization. If you care, you are advised to stick it on a trusted network, or listen only on loopback. 1) The venti protocol reserves space for auth (see VtTauth0 and VtTauth1 in /sys/include/venti.h), but I'm pretty sure nobody implements it. Certainly I haven't found any definition of those fields. 2) My biggest security concern wrt venti is denial-of-service by way of spamming my disk (intentionally or not). /sys/src/cmd/venti/ro.c implements a read-only proxy which reduces this risk. 3) The proxy also provides a useful example of how more complex proxies could be constructed. What I'd like (it's on my todo, but down a few rungs) is an extended version that allows r/w access from trusted hosts/networks and r/o from everyone else. 4) There's always ssl or the like. Some people argue that's the best path to take; I'm less convinced. ----- P.S.: I have no idea why, but gmail thinks an appropriate ad for this topic is for "Emo Teens": "Explore Emo Style & Personality. The Latest Family Topics!". Funny, Glenda doesn't *look* emo to me.
