#98: Web API is vulnerable to XSRF attacks.
-----------------------------------+----------------------------------------
Reporter: nejucomo | Owner: zooko
Type: defect | Status: closed
Priority: major | Milestone: 0.5.1
Component: code-frontend-web | Version: 0.4.0
Resolution: fixed | Keywords: security
Launchpad_bug: |
-----------------------------------+----------------------------------------
Comment(by davidsarah):
Note that JavaScript in a given file can still obtain the read URI for
that file. In the case of a mutable file, this is more than least
authority because it allows reading future versions. I will open a new bug
about that.
--
Ticket URL: <http://allmydata.org/trac/tahoe/ticket/98#comment:22>
tahoe-lafs <http://allmydata.org>
secure decentralized file storage grid
_______________________________________________
tahoe-dev mailing list
[email protected]
http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev
