#615: Can JavaScript loaded from Tahoe access all your content which is loaded
from Tahoe?
---------------------------+------------------------------------------------
Reporter: zooko | Type: defect
Status: new | Priority: critical
Milestone: undecided | Component: code-frontend-web
Version: 1.3.0 | Keywords: newcaps security
Launchpad_bug: |
---------------------------+------------------------------------------------
Changes (by davidsarah):
* keywords: => newcaps security
* priority: major => critical
Comment:
#821 (now reopened) describes a less serious security problem that would
still be present even if every page had a distinct origin. Note that the
fix suggested for that bug will only work if this one is also fixed, i.e.
#821 is dependent on this bug.
#127 seems to be almost exclusively about Referer header cap leakage, and
I've changed its summary to reflect that.
--
Ticket URL: <http://allmydata.org/trac/tahoe/ticket/615#comment:5>
tahoe-lafs <http://allmydata.org>
secure decentralized file storage grid
_______________________________________________
tahoe-dev mailing list
[email protected]
http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev
