From 83c3ad58e7cfb68f47a6cb3e01c2f8dfee091111 Mon Sep 17 00:00:00 2001
From: zooko <>
Date: Wed, 11 Jun 2008 19:53:28 +0000
Subject: [PATCH] replace with link to docs/known_issues.txt (for now)

[Imported from Trac: page Security, version 16]
---
 Security.md | 24 +-----------------------
 1 file changed, 1 insertion(+), 23 deletions(-)

diff --git a/Security.md b/Security.md
index 409ccf6..25ef13d 100644
--- a/Security.md
+++ b/Security.md
@@ -1,23 +1 @@
-# Security Considerations
-
-# General Security Properties of Tahoe
-
-Please read [the about page](http://allmydata.org/source/tahoe/trunk/docs/about.html) for a simple explanation of what security properties Tahoe offers.
-
-For technical details about how those properties are enforced, see the [the architecture document]source:docs/architecture.txt.
-
-# Current Known Security Issues in Tahoe
-
-as of January 8, 2008
-
- * potential exposure of a file through embedded hyperlinks or JavaScript in that file
-
-   If there is a file stored on a Tahoe storage grid, and that file gets downloaded and displayed in a web browser, then JavaScript or hyperlinks within that file can leak the capability to that file to a third party, which means that third party gets access to the file.
-
-   If there is JavaScript in the file, then it could deliberately leak the capability to the file out to some remote listener.
-
-   If there are hyperlinks in the file, and they get followed, then whichever server they point to receives the capability to the file.  Note that IMG tags are typically followed automatically by web browsers, so being careful which hyperlinks you click on is not sufficient to prevent this from happening.
-
-   For future versions of Tahoe, we are considering ways to close off this leakage of authority while preserving ease of use -- the discussion of this issue is ticket #127.
-
-   For the present, a good work-around is that if you want to store and view a file on Tahoe and you want that file to remain private, then remove from that file any hyperlinks pointing to other people's servers and remove any JavaScript unless you are sure that the JavaScript is not written to maliciously leak access.
+Please see source:docs/known_issues.txt.
\ No newline at end of file