known_issues: update chart-API text, with suggestions from Leif. refs #1942

Brian Warner 2013-04-23 16:39:53 -07:00
parent 57e9978090
commit 02975d1887


@ -279,13 +279,14 @@ buffer overflow. (Note that browsers do not execute scripts inside IMG tags,
even for SVG images).
In addition, if your Tahoe node connects to its grid over Tor or i2p, but the
web browser you use to access it does not, then this image link may reveal
your use of Tahoe to the outside world. It is not recommended to use a
browser in this way, because other links in Tahoe-stored content would reveal
even more information (e.g. an attacker could store an HTML file with unique
CSS references into a shared Tahoe grid, then send your pseudonym a message
with its URI, then observe your browser loading that CSS file, and thus link
the source IP address of your web client to that pseudonym).
web browser you use to access your node does not, then this image link may
reveal your use of Tahoe (and that grid) to the outside world. It is not
recommended to use a browser in this way, because other links in Tahoe-stored
content would reveal even more information (e.g. an attacker could store an
HTML file with unique CSS references into a shared Tahoe grid, then send your
pseudonym a message with its URI, then observe your browser loading that CSS
file, and thus link the source IP address of your web client to that
pseudonym).
A future version of Tahoe will probably replace the Google Chart API link
(which was deprecated by Google in April 2012) with client-side javascript
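Review bot: the added "(and that grid)" in the reworded sentence says the image link identifies the grid as well as Tahoe use, but nothing in this paragraph says which part of the request carries that information, so a reader cannot judge the exposure; a short clause naming it would help. The following sentence, "It is not recommended to use a browser in this way", also leaves "this way" implicit and offers no alternative. Consider stating the configuration directly, something like "Do not view Tahoe-stored content in a browser that is not routed through the same Tor or i2p path as your node", so the CSS-reference example that follows reads as the reason for a concrete recommendation.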