mention #127
[Imported from Trac: page Security, version 7]
zooko
parent
1e4ad59bf5
commit
1a16b97a18
11
Security.md
11
Security.md
|
|
@ -2,6 +2,17 @@
|
||||||
|
|
||||||
This page exists so that there is one page to read to learn about the security guarantees that Tahoe is designed to provide, as well as about any current known issues that might have security consequences.
|
This page exists so that there is one page to read to learn about the security guarantees that Tahoe is designed to provide, as well as about any current known issues that might have security consequences.
|
||||||
|
|
||||||
|
# Current Known Security Issues in Tahoe
|
||||||
|
|
||||||
|
There is currently one known issue in Tahoe that could have security implications.
|
||||||
|
|
||||||
|
This issue is: if there is a file stored on a Tahoe storage grid, and that file gets downloaded and displayed in a web browser, and that file contains hyperlinks which get followed by the web browser, then the web server that those hyperlinks point to gets access to the file that the hyperlinks were in. Remember that IMG tags typically get followed automatically, so it is not a complete defense against this problem to make sure that nobody who is viewing the page clicks on the hyperlinks.
|
||||||
|
|
||||||
|
We are thinking about ways to close off this leakage of authority while preserving ease of use -- the ticket associated with this issue is ticket #127.
|
||||||
|
|
||||||
|
In the meantime, a good work-around is to remove all hyperlinks pointing to external servers from any HTML file that you upload to a Tahoe grid, if you want the contents of the file to remain private.
|
||||||
|
|
||||||
|
# General Security Properties of Tahoe
|
||||||
|
|
||||||
**The following is not complete.**
|
**The following is not complete.**
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue