Custom Query (110 matches)


Show under each result:

Results (1 - 100 of 110)

1 2
Ticket Summary Keywords Status Owner Type Priority
#615 Can JavaScript loaded from Tahoe access all your content which is loaded from Tahoe? newcaps confidentiality integrity preservation capleak gsoc websec assigned davidsarah defect critical
#2222 make a FAQ describing the impact of heartbleed on Tahoe-LAFS security integrity confidentiality pyopenssl heartbleed docs assigned marlowe defect critical
#127 Cap URLs leaked via HTTP Referer header confidentiality integrity preservation capleak research websec assigned davidsarah defect major
#308 add directory traversal / deep-verify capability? vdrive newcaps verify repair privacy anonymity research new enhancement major
#309 add web page to Introducer, with client lists/counts introducer statistics privacy new somebody enhancement major
#366 address Nathan Wilcox's concerns about "Tahoe and the browser security model" security capleak docs websec new nejucomo defect major
#406 end-to-end encoding self-test test pycryptopp integrity assigned zooko defect major
#413 mutable files: expose version info to HTTP clients mutable integrity versioning webapi wui new enhancement major
#453 safely add plaintext_hash to immutable UEB integrity newcaps performance new enhancement major
#465 add a mutable-file cache performance cache mutable confidentiality memory new enhancement major
#467 allow the user to specify which servers a given gateway will use for uploads availability preservation cache anti-censorship placement backend rollback add-only new leif enhancement major
#492 mutable files: add ciphertext hash tree to signature block newcaps security integrity forward-compatibility backward-compatibility mutable new zooko defect major
#562 add a "censor" command to filter out sensitive information from log files privacy logging confidentiality new somebody defect major
#563 anonymize IP addresses in log files privacy logging new somebody defect major
#568 make immutable check/verify/repair and mutable check/verify work given only a verify cap confidentiality verify repair usability tahoe-check wui anti-censorship excess-authority new daira defect major
#587 Web nodes provide ambient upload authority upload security accounting websec new daira defect major
#625 Can't repair read-only dirnodes/mutable-files confidentiality integrity preservation verify repair newcaps tahoe-backup usability anti-censorship excess-authority assigned warner defect major
#635 'tahoe make-tarball' command backup metadata symlink usability security new enhancement major
#654 make the storage index be the verifier cap newcaps verify integrity performance new enhancement major
#674 controlled access to your WUI wui confidentiality privacy anti-censorship websec new nobody enhancement major
#685 [needs test] Capability of interrupted downloads is logged in twistd.log logging memory privacy confidentiality test-needed new somebody defect major
#686 Search for lost share resulted in a directory popping up at unexpected place integrity error assigned daira defect major
#723 helper: client should verify ciphertext hashes and UEB upload-helper integrity new daira defect major
#725 We should whine if we're running as root. easy security usability unix test-needed assigned davidsarah enhancement major
#753 use longer storage index / cap for collision resistance newcaps security new defect major
#794 create DSA writecaps from a passphrase newcaps newurls usability confidentiality integrity new enhancement major
#821 A script in a file viewed through the WUI can obtain the file's read cap newcaps newurls confidentiality capleak websec assigned davidsarah defect major
#822 Web API should use a more reliable, out-of-band means of reporting errors (such as a server connection being lost) during a download integrity error http download new defect major
#823 WUI server should have a disallow-all robots.txt privacy new defect major
#827 Put file download links ('?save=true') in WUI directory listings security usability capleak docs download easy assigned davidsarah defect major
#840 Allow all CLI commands to take arguments from stdin or a file, to avoid caps being visible to other local users security confidentiality integrity usability new enhancement major
#847 create internal VerifierNode/RepairerNode classes confidentiality integrity verify repair new somebody task major
#865 Document current crypto and encoding in detail docs security new ioerror task major
#870 Prevent socket hijacking on OSes that don't prevent it by default (Windows) security integrity confidentiality privacy windows foolscap twisted docs assigned davidsarah defect major
#922 The URL of the info page for an unknown dirnode should not grant authority to the containing directory capleak integrity confidentiality newurls assigned davidsarah defect major
#947 Add file-with-metadata caps newcaps newurls mutable immutable metadata rollback assigned davidsarah enhancement major
#954 revocable write authority integrity capleak forward-compatibility newcaps revocation research new enhancement major
#955 use client-side storage to defend against rollback attack integrity newcaps rollback new enhancement major
#956 embed security metadata in parent directory mutable newcaps newurls metadata forward-compatibility rollback revocation new enhancement major
#957 embed security metadata in URL newcaps newurls integrity redirect rollback new somebody enhancement major
#958 LAFS 301 Moved Permanently forward-compatibility backward-compatibility integrity newcaps newurls http sftp ftpd smb availability security revocation rollback research new enhancement major
#971 "Humanized failures" should still have a traceback, hidden by default error privacy anonymity assigned davidsarah enhancement major
#981 chroot support? security twisted chroot install new somebody enhancement major
#992 Store Content-Type as part of directory entries metadata integrity new somebody enhancement major
#994 support precompressed files compression space-efficiency performance bandwidth security integrity backward-compatibility new somebody enhancement major
#995 It's way too easy to give away write directory caps wui jsui usability confidentiality capleak websec new nobody defect major
#997 The webapi/WUI should have https enabled by default confidentiality wui webapi capleak new nobody defect major
#1008 Unhandled error conditions disclose detailed information wui security privacy anonymity logging error anti-censorship new defect major
#1105 allow uncoordinated reads concurrent with writes of a mutable file or directory locally docs fuse sftp integrity reliability new defect major
#1136 don't run a web-API frontend if you don't need one security websec new somebody enhancement major
#1142 Unlikely XSS Potential in File Names in WUI security xss html names wui new nobody defect major
#1144 Loopy/Uninhibited/Overlarge Filename Makes Web Server Crump security names wui new nobody defect major
#1164 use ChaCha⊕AES encryption confidentiality new somebody enhancement major
#1176 webapi should avoid using plaintext temporary file for uploads confidentiality new defect major
#1198 Bogus tub location causes introducer error error introducer security DoS new defect major
#1213 Should support change of hash functions security forward-compatibility integrity new somebody task major
#1215 add CORS support security http same-origin cors websec new enhancement major
#1234 UnrecoverableFileError message should say which file it refers to error usability capleak assigned davidsarah defect major
#1254 eliminate use of urllib.urlopen in check_load security capleak assigned davidsarah defect major
#1290 replace all use of pickles with JSON security pickle json new somebody defect major
#1368 make the added convergence secret be a per-file configuration defaults usability confidentiality convergence new nobody defect major
#1422 https node.url is not verified by httplib https security integrity confidentiality new nobody defect major
#1447 add read-only mode for gateways readonly gateway security testgrid cloud-backend multiuser-gateway new zooko enhancement major
#1649 WUI: the error message page for a writeable file/directory nonobviously includes the write cap usability security capleak websec assigned davidsarah defect major
#1665 Brainstorm webapi vulnerabilities between the operator and a user and between users. docs security webapi introducer accounting status websec multiuser-gateway new task major
#1696 attempting more than four simultaneous put uploads seems to break client integrity preservation reliability scalability error new somebody defect major
#1697 there is no test covering password-checking for SFTP or FTP tests sftp ftpd password security assigned daira defect major
#1797 WUI: view content in an HTML5 sandboxed iframe wui security usability javascript sandbox same-origin websec new defect major
#1798 Segregate gateway HTTP ports: one for raw bytes and one for generated WUI pages wui same-origin security capleak new freddyb defect major
#1859 Proof-of-concept attack: Upload and execute attacker controlled js from any domain. security javascript same-origin capleak websec new davidsarah defect major
#1904 filenames leak into log files from rename (and other web-API operations that take filenames) privacy logging easy new defect major
#2055 Building tahoe safely is non-trivial install security eggs pip setuptools packaging new daira defect major
#2090 Don't expose URIs after failed CLI commands easy security capleak error cli new daira defect major
#2214 DOS defect concerning forged shares DOS security verify tahoe-check new daira defect major
#2385 node web server should use DHE/ECDHE suites automatically security websec https forward-secrecy twisted new j3i enhancement major
#925 Information leak to holders of a directory read cap, about whether each dir entry is writeable and the length of its write cap backward-compatibility privacy security assigned daira defect normal
#1408 accounting using bitcoins bitcoin accounting performance leases security new somebody defect normal
#1415 WUI is more useful than CLI security privacy capleak integrity confidentiality new defect normal
#1535 Allow restricting Tahoe-LAFS gateway to one user by supporting Unix sockets wui cli socket unix security confidentiality integrity capleak new enhancement normal
#1694 package client and server separately performance security packaging p2p new somebody enhancement normal
#1890 submit proposal for restrict-referrer-leakage to the CSP standardizers and implementors referer referrer standards capleak research assigned davidsarah task normal
#1907 Tor over Tahoe-LAFS mutable tor-protocol privacy rollback performance joke new enhancement normal
#1946 consider removing some st_* fields from metadata privacy anonymity new defect normal
#1989 foolscap: "an inbound callRemote ... failed" log entries include all arguments memory confidentiality capleak logging foolscap new warner defect normal
#2009 One Grid to Rule Them All extensibility servers-of-happiness location newurls security globalcaps new daira defect normal
#2010 Implement shortcuts to caps usability newurls introducer security aliases new enhancement normal
#2018 padding to hide the size of plaintexts confidentiality privacy compression newcaps research new nejucomo enhancement normal
#2024 downloader hangs when server returns empty string download hang denial-of-service security new defect normal
#2057 reproducible builds install security eggs new daira enhancement normal
#2100 passphrase-encrypt the aliases file aliases security capleak usability new daira enhancement normal
#2136 Use Content-Security-Policy to harden the WUI csp wui security xss javascript new daira defect normal
#2142 How to enhance WebUI default security against capability eavesdropping? websec confidentiality privacy wui webapi docs new amontero enhancement normal
#2213 Make SFTP generate its own key sftp ssh-keygen usability security new enhancement normal
#2331 don't display capabilities without user explicitly asking for it security capleak assigned daira defect normal
#2335 clients shouldn't need to have persistent id anonymity privacy accounting foolscap new enhancement normal
#2350 Persistent Introducer connections leak IP addresses even when idle privacy new enhancement normal
#2369 Support encryptionless sftp using sftp-over-tcp performance security confidentiality integrity new HoverHell enhancement normal
#2421 connect tahoe-lafs repo to Docker Hub docker security github new warner defect normal
#2478 back up metadata from github (PRs, commit comments, etc.) github security new task normal
#2720 format_http_error leaks the URI security capleak new daira defect normal
1 2
Note: See TracQuery for help on using queries.