#674: controlled access to your WUI
-------------------------+--------------------------------------------------
Reporter: zooko | Owner: nobody
Type: enhancement | Status: new
Priority: major | Milestone: undecided
Component: unknown | Version: 1.3.0
Keywords: | Launchpad_bug:
-------------------------+--------------------------------------------------
Comment(by warner):
good point. I suppose that means making the $WUI_SECRET pages come from a
completely different origin, by using a separate port number or something.
We'd still need $WUI_SECRET, of course.
We'll have to have a rule that says we never emit unescaped external
content on any page served below $WUI_SECRET . That means not using this
namespace for delivering files or directories, and it also means being
careful about escaping node nicknames and log messages and anything else
that we might want to serve from that space.
--
Ticket URL: <http://allmydata.org/trac/tahoe/ticket/674#comment:3>
tahoe-lafs <http://allmydata.org>
secure decentralized file storage grid
_______________________________________________
tahoe-dev mailing list
[email protected]
http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev
