Custom Query (23 matches)
Ticket | Summary | Keywords | Status | Owner | Type | Priority |
---|---|---|---|---|---|---|
#615 | Can JavaScript loaded from Tahoe access all your content which is loaded from Tahoe? | newcaps confidentiality integrity preservation capleak gsoc websec | assigned | davidsarah | defect | critical |
#127 | Cap URLs leaked via HTTP Referer header | confidentiality integrity preservation capleak research websec | assigned | davidsarah | defect | major |
#366 | address Nathan Wilcox's concerns about "Tahoe and the browser security model" | security capleak docs websec | assigned | blaisep | defect | major |
#821 | A script in a file viewed through the WUI can obtain the file's read cap | newcaps newurls confidentiality capleak websec | assigned | davidsarah | defect | major |
#827 | Put file download links ('?save=true') in WUI directory listings | security usability capleak docs download easy | assigned | davidsarah | defect | major |
#922 | The URL of the info page for an unknown dirnode should not grant authority to the containing directory | capleak integrity confidentiality newurls | assigned | davidsarah | defect | major |
#954 | revocable write authority | integrity capleak forward-compatibility newcaps revocation research | new | enhancement | major | |
#995 | It's way too easy to give away write directory caps | wui jsui usability confidentiality capleak websec | new | nobody | defect | major |
#997 | The webapi/WUI should have https enabled by default | confidentiality wui webapi capleak | new | nobody | defect | major |
#1234 | UnrecoverableFileError message should say which file it refers to | error usability capleak | assigned | davidsarah | defect | major |
#1254 | eliminate use of urllib.urlopen in check_load | security capleak | assigned | davidsarah | defect | major |
#1649 | WUI: the error message page for a writeable file/directory nonobviously includes the write cap | usability security capleak websec | assigned | davidsarah | defect | major |
#1798 | Segregate gateway HTTP ports: one for raw bytes and one for generated WUI pages | wui same-origin security capleak | new | freddyb | defect | major |
#1859 | Proof-of-concept attack: Upload and execute attacker controlled js from any domain. | security javascript same-origin capleak websec | new | davidsarah | defect | major |
#2090 | Don't expose URIs after failed CLI commands | easy security capleak error cli | new | daira | defect | major |
#1415 | WUI is more useful than CLI | security privacy capleak integrity confidentiality | new | defect | normal | |
#1535 | Allow restricting Tahoe-LAFS gateway to one user by supporting Unix sockets | wui cli socket unix security confidentiality integrity capleak | new | enhancement | normal | |
#1890 | submit proposal for restrict-referrer-leakage to the CSP standardizers and implementors | referer referrer standards capleak research | assigned | davidsarah | task | normal |
#1989 | foolscap: "an inbound callRemote ... failed" log entries include all arguments | memory confidentiality capleak logging foolscap | new | warner | defect | normal |
#2100 | passphrase-encrypt the aliases file | aliases security capleak usability | new | daira | enhancement | normal |
#2331 | don't display capabilities without user explicitly asking for it | security capleak | assigned | daira | defect | normal |
#2720 | format_http_error leaks the URI | security capleak | new | daira | defect | normal |
#907 | Stop caps from leaking to phishing-filter servers | capleak integrity confidentiality forward-compatibility newurls docs websec | assigned | davidsarah | defect | minor |
Note: See TracQuery
for help on using queries.