On Wed, Oct 8, 2008 at 12:37 PM, Brian Warner <[EMAIL PROTECTED]> wrote:

> Oh, yeah, zooko's point is an excellent one. If you restrict the user to
> doing a GET, then they won't be able to cause any side-effects. All files are
> uploaded using PUT or POST.
A naive implementation of this policy leads to a confused deputy attack: if you depend on some rule which lets certain browsers POST, but not others, an attacker creates a malicious web page which executes the POST of their choosing. Next, they trick any user who has the ability to POST to visit the malicious website.

One means for publishers to defend themselves against this is to only publish content with command-line tools (in *addition* to whatever policy mechanism restricts POSTs). Perhaps a more user-friendly approach, with Firefox, is to create a separate profile and *only* use it to publish and not visit other sites. (This can also be tricky if the attacker can sneak links into the grid content.)

[snip...]

Nathan

_______________________________________________
tahoe-dev mailing list
[email protected]
http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev
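The mitigation the thread is circling is the standard one for a confused-deputy (cross-site request forgery) problem: a side-effecting request must carry something a page on another origin cannot obtain, and the gateway should also refuse requests whose Origin/Referer point elsewhere. The following is an added example written for this discussion, not Tahoe-LAFS code; it assumes a local gateway at `http://127.0.0.1:3456`, a hypothetical `X-CSRF-Token` header for command-line clients, and a hypothetical `token` form field for browser forms.

```python
import hmac
import secrets

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
# Assumed origin of the local web gateway (placeholder for this example).
GATEWAY_ORIGIN = "http://127.0.0.1:3456"


class Request:
    """Minimal stand-in for an HTTP request, constructed for this example."""

    def __init__(self, method, path, headers=None, form=None):
        self.method = method.upper()
        self.path = path
        # Header names are case-insensitive; normalise once.
        self.headers = {k.lower(): v for k, v in (headers or {}).items()}
        self.form = form or {}


class Gateway:
    """Issues anti-forgery tokens and authorises side-effecting requests.

    A page on another origin can make the browser send a POST/PUT with the
    user's cookies, but it cannot read a token that was only handed to the
    legitimate user (same-origin page or command-line tool).
    """

    def __init__(self):
        self._tokens = set()

    def issue_token(self):
        """Hand a fresh unguessable token to a trusted client."""
        token = secrets.token_urlsafe(32)
        self._tokens.add(token)
        return token

    def _token_ok(self, presented):
        if not presented:
            return False
        # Constant-time comparison so timing does not leak a valid token.
        return any(hmac.compare_digest(presented, t) for t in self._tokens)

    def authorize(self, req):
        """Return (allowed, reason) for a request."""
        # GET/HEAD/OPTIONS must not change state, so they need no token.
        if req.method in SAFE_METHODS:
            return True, "safe method"

        # Defence in depth: browsers send Origin (or at least Referer) on
        # cross-site form posts; either one naming a foreign site is a
        # forged request regardless of what else it carries.
        origin = req.headers.get("origin")
        if origin is not None and origin != GATEWAY_ORIGIN:
            return False, f"cross-origin {req.method} from {origin}"
        if origin is None:
            referer = req.headers.get("referer")
            if referer is not None and not referer.startswith(GATEWAY_ORIGIN + "/"):
                return False, f"cross-site referer {referer}"

        # No Origin/Referer at all is what a command-line tool looks like;
        # it (and same-origin pages) must prove itself with the token.
        token = req.headers.get("x-csrf-token") or req.form.get("token")
        if not self._token_ok(token):
            return False, "missing or invalid anti-forgery token"
        return True, "token verified"


def run_demo():
    """Exercise the policy on constructed requests; returns the decisions."""
    gw = Gateway()
    token = gw.issue_token()
    cases = {
        "read": Request("GET", "/uri/example-cap"),
        # Forged cross-site POST: cookies ride along, but the token is absent
        # and Origin names the other site.
        "forged": Request("POST", "/uri", headers={"Origin": "http://other-site.example"}),
        # Same-origin form that forgot to include the token.
        "no_token": Request("POST", "/uri", headers={"Origin": GATEWAY_ORIGIN}),
        # Same-origin form carrying the token.
        "same_origin": Request("POST", "/uri", headers={"Origin": GATEWAY_ORIGIN},
                               form={"token": token}),
        # Command-line upload: no Origin/Referer, token in a header.
        "cli": Request("PUT", "/uri/example-cap", headers={"X-CSRF-Token": token}),
    }
    return {name: gw.authorize(req) for name, req in cases.items()}


if __name__ == "__main__":
    for name, (allowed, reason) in run_demo().items():
        print(f"{name:12s} {'ALLOW' if allowed else 'DENY ':5s} {reason}")
```

The two checks are deliberately independent: a foreign `Origin` is refused even with a valid token, and a missing token is refused even when `Origin` is absent, which is exactly the case a command-line publisher (the thread's first suggestion) falls into. The separate-profile suggestion does not remove the need for this; it only shrinks the window in which a logged-in browser can be steered, and as the post notes, links hidden in grid content still reach that profile.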
