id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	launchpad_bug
861	Any node interface available on a public exposes confidential grid info	imhavoc	somebody	"Any node that is available on an exposed IP address publishes the introducer furl and the helper furl (if attached) to the world.

This results in anyone discovering the address of an exposed node being able to attach to a grid and a helper. This could result in unlimited abuse.

If one wanted to store files on their grid, then publish specific files to the net, a public node is required. Once that node is published, finding the furls is trivial.

Example: Zooko's blog hosted on the !TestGrid:
http://testgrid.allmydata.org:3567/uri/URI:DIR2-RO:j74uhg25nwdpjpacl6rkat2yhm:kav7ijeft5h7r7rxdp5bgtlt3viv32yabqajkrdykozia5544jqa/wiki.html#2009-12-15

Going to the root of the node:
http://testgrid.allmydata.org:3567/

Introducer: 
{{{
pb://todjw7qkb4dgq4fkeo7cqydcu5vneioh@tahoecs2.allmydata.com:52106/introducer
Connected to introducer?: yes
}}}

This happens to be a wonderful feature for the !TestGrid, but a easy point of attack for anyone with a ""closed"" or ""limited"" grid."	defect	closed	major	undecided	code-frontend-web	1.5.0	duplicate	privacy security