[tahoe-dev] [tahoe-lafs] #98: Web API is vulnerable to XSRF attacks.
tahoe-lafs
trac at allmydata.org
Tue Oct 27 20:51:46 PDT 2009
#98: Web API is vulnerable to XSRF attacks.
-----------------------------------+----------------------------------------
Reporter: nejucomo | Owner: zooko
Type: defect | Status: closed
Priority: major | Milestone: 0.5.1
Component: code-frontend-web | Version: 0.4.0
Resolution: fixed | Keywords: security
Launchpad_bug: |
-----------------------------------+----------------------------------------
Comment(by davidsarah):
Note that JavaScript in a given file can still obtain the read URI for
that file. In the case of a mutable file, this is more than least
authority because it allows reading future versions. I will open a new bug
about that.
--
Ticket URL: <http://allmydata.org/trac/tahoe/ticket/98#comment:22>
tahoe-lafs <http://allmydata.org>
secure decentralized file storage grid