[tahoe-dev] Tahoe WUI enhancement suggestion

till tilllt at yahoo.com
Tue Jun 18 10:46:26 UTC 2013


To explain this a little better: I am wondering if access to my files on tahoe is tied to the necessity of carrying around some sort of technical device with me to store the URIs, which are not possible to memorize. So if I am on the road, I have no smartphone, no thumb drive, but internet access through a browser only (no shell and no SSH, i.e. an internet cafe), there is no secure means by which I could access my stuff, except for printing out the URIs on a slip of paper that I carry around and typing them in (assuming that I have access to the WUI from the internet)?

On Jun 18, 2013, at 12:18 PM, till wrote:

> So,
> 
> excuse my lack of knowledge of XSS and web security in general: so it makes no difference if the WUI just has access to the alias names without their URIs and the tahoe process looks them up for you? I still don't understand why, i.e. typing an alias into the "open directory" field on the WUI instead of directly putting in its URI is different, security-wise.
> 
> From a usability point of view: now I have to keep a list of URIs of my directories somewhere to copy & paste them if I want access to them. I can define them in the alias file and "cat aliases" whenever I want to access them in the WUI, but then I am at the CLI already and could do my tahoe stuff from there. So in what way do you imagine the average user having his/her URIs available: carrying around a USB drive with a list on it, which probably should be encrypted itself?
> 
> cheers,
> t.
>  
> 
> 
> On Jun 18, 2013, at 7:46 AM, Tony Arcieri wrote:
> 
>> BTW, you might check out oasis.js: capabilities-based sandboxing for the web with polyfills for older browsers:
>> 
>> http://oasisjs.com/
>> 
>> 
>> On Mon, Jun 17, 2013 at 8:15 PM, Tony Arcieri <tony.arcieri at gmail.com> wrote:
>> On Mon, Jun 17, 2013 at 6:53 PM, Daira Hopwood (formerly David-Sarah) <davidsarah at leastauthority.com> wrote:
>> If the aliases list is at a known URL, then any content in the same origin
>> could access all of the aliases.
>> 
>> Okay, that's a valid concern, thanks. And I hope you can implement <iframe sandbox> soon, browser support permitting.
>> 
>> -- 
>> Tony Arcieri
>> 
>> 
>> 
>> -- 
>> Tony Arcieri
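
As an added example (not part of the thread and not Tahoe-LAFS code), the following models the same-origin concern Daira raises above and why <iframe sandbox> addresses it. The WUI address, the /aliases path and the file URL are assumptions constructed for illustration, and the origin logic is a simplification of what browsers do.

```javascript
// Simplified model of the browser same-origin rule (not a browser API).
// Assumptions, constructed for illustration: the WUI listens on
// http://127.0.0.1:3456, an aliases listing would live at /aliases,
// and FILE_URL stands in for an HTML file served from the grid by the WUI.
const ALIASES_URL = "http://127.0.0.1:3456/aliases"; // hypothetical endpoint
const FILE_URL = "http://127.0.0.1:3456/file/EXAMPLE-FILECAP/page.html";

// Effective origin of a document. A document framed with <iframe sandbox>
// that lacks the "allow-same-origin" token gets a unique opaque origin.
function effectiveOrigin(doc) {
  if (doc.sandbox !== undefined) {
    const tokens = doc.sandbox.split(/\s+/).filter(Boolean);
    if (!tokens.includes("allow-same-origin")) return { opaque: true };
  }
  // Origin is the (scheme, host, port) tuple; the path plays no part.
  return { opaque: false, tuple: new URL(doc.url).origin };
}

// Can script running in `doc` read the response body of `resourceUrl`?
// Assumes the WUI sends no CORS headers that would widen access.
function canRead(doc, resourceUrl) {
  const origin = effectiveOrigin(doc);
  if (origin.opaque) return false; // an opaque origin matches nothing
  return origin.tuple === new URL(resourceUrl).origin;
}

const cases = [
  { name: "HTML file served by the WUI", url: FILE_URL },
  { name: "same file in <iframe sandbox>", url: FILE_URL, sandbox: "" },
  { name: "sandbox with allow-same-origin", url: FILE_URL,
    sandbox: "allow-scripts allow-same-origin" },
  { name: "page on an unrelated site", url: "https://example.org/page.html" },
];

// One line per case: which contexts could read the aliases listing.
function report() {
  return cases.map(
    (c) => `${c.name}: ${canRead(c, ALIASES_URL) ? "can read" : "blocked"}`
  );
}

console.log(report().join("\n"));
```

The first case is the concern in the thread: stored content served from the WUI's own origin shares that origin with the aliases listing, while the sandboxed frame does not.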
