Opened at 2010-03-13T20:16:37Z
Last modified at 2014-09-11T22:20:19Z
#997 new defect
The webapi/WUI should have https enabled by default — at Initial Version
| Reported by: | jsgf | Owned by: | nobody |
|---|---|---|---|
| Priority: | major | Milestone: | undecided |
| Component: | code-frontend-web | Version: | 1.6.0 |
| Keywords: | confidentiality wui webapi capleak | Cc: | |
| Launchpad Bug: |
Description
In the spirit of making the defaults secure, the web interface should have https enabled by default. Plain http is only secure if you assume users will always interact with the server over a secure network, but practice shows that people often connect to remote servers.
This implies that Tahoe should ship with some certificates. These can be any dummy self-signed certs, since we just need secure key negotiation.
Note: See
TracTickets for help on using
tickets.
