[tahoe-dev] Giving away the farm (was Re: Google Summer of Code 2010 -- Ideas Needed!)
Jeremy Fitzhardinge
jeremy at goop.org
Fri Mar 12 17:29:26 PST 2010
On 03/12/2010 04:12 PM, Toby Murray wrote:
> http://testgrid.allmydata.org:3567/uri/URI:DIR2:u64egztouchecgmlssxx3nk3o4:skv6utnyk4o5y3ea4qaznxflne6mvf4rrrmddjnbkcmdpvadqgya/
>
An aside, this URL represents a (presumed) error I've been desperately
afraid of making myself because it seems so easy to do. This is a
*writable* directory cap, so Toby has given away the farm on this
directory, and we have no idea whether the explorer.zip referred to is
the one he intended.

Tahoe's WUI makes it really easy to make this mistake because the
writable cap is clearly the one that the file owner is going to be using
- but (special occasions excepted) you're always going to want to give
away the RO variant.

I have no idea how to address this. The problem is fundamental to a
capability system, so the question is: how to mitigate it?

(I also love that this cap has "touch[é]" in it.)
J
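
One possible mitigation for the mistake described in this message, as an added example that is not part of the original post or of Tahoe-LAFS itself: a pre-share check that reads the cap type prefix in a URL and refuses anything not known to be free of write authority. The function names are hypothetical, and the gateway address and cap strings are constructed samples.

```python
import re
from urllib.parse import unquote

# Cap types that carry write authority (mutable file and directory write caps).
WRITE_TYPES = {"SSK", "DIR2"}
# Cap types that carry no write authority: read-only, verify-only, immutable.
NO_WRITE_TYPES = {
    "SSK-RO", "SSK-Verifier", "DIR2-RO", "DIR2-Verifier",
    "CHK", "CHK-Verifier", "LIT", "DIR2-CHK", "DIR2-LIT",
}
CAP_RE = re.compile(r"URI:([A-Za-z0-9-]+):[a-z0-9]+(?::[a-z0-9]+)*")


def classify_caps(text):
    """Return [(cap_type, verdict)] for every cap string found in text.

    Percent-encoded caps (URI%3ADIR2%3A...) are decoded first. The secret
    part of the cap is never returned, so results are safe to log.
    """
    results = []
    for match in CAP_RE.finditer(unquote(text)):
        cap_type = match.group(1)
        if cap_type in WRITE_TYPES:
            verdict = "write"
        elif cap_type in NO_WRITE_TYPES:
            verdict = "no-write"
        else:
            verdict = "unknown"  # fail closed: treat like a write cap
        results.append((cap_type, verdict))
    return results


def safe_to_share(text):
    """True only if every cap in text is known to carry no write authority."""
    return all(verdict == "no-write" for _, verdict in classify_caps(text))


# Constructed sample values, not real caps; the gateway address is hypothetical.
WRITABLE_URL = "http://127.0.0.1:3456/uri/URI:DIR2:" + "a" * 26 + ":" + "b" * 52 + "/"
READONLY_URL = ("http://127.0.0.1:3456/uri/URI%3ADIR2-RO%3A"
                + "c" * 26 + "%3A" + "d" * 52 + "/")

if __name__ == "__main__":
    for url in (WRITABLE_URL, READONLY_URL):
        verdict = "share" if safe_to_share(url) else "DO NOT SHARE"
        print(classify_caps(url), verdict)
```

Cap types the check does not recognise are reported as "unknown" and block sharing, so a cap format it has never seen is not waved through as read-only.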