Opened at 2012-09-06T01:17:51Z
Last modified at 2013-03-21T18:42:20Z
#1802 closed defect
make new introducer furls unguessable — at Initial Version
| Reported by: | davidsarah | Owned by: | davidsarah |
|---|---|---|---|
| Priority: | major | Milestone: | 1.10.0 |
| Component: | code-nodeadmin | Version: | 1.9.2 |
| Keywords: | introducer furl security easy forward-compatibility | Cc: | |
| Launchpad Bug: |
Description
In src/allmydata/introducer/server.py, new introducer furls are created with the guessable swissnum "introducer".
New furls should instead be created as random, by omitting the "introducer" argument to tub.registerReference and using furlFile="introducer.furl" instead. Existing furls will not change because introducer.furl will already exist, so this is backward-compatible.
The full security benefit is not obtained without #860, but there's no reason to continue generating guessable furls for new introducers in the meantime.
Note: See
TracTickets for help on using
tickets.
