Opened 16 years ago
Last modified 16 years ago
#84 closed defect
RemoteReference.getRemoteTubID is not secure — at Initial Version
| Reported by: | Brian Warner | Owned by: | |
|---|---|---|---|
| Priority: | critical | Milestone: | 0.4.0 |
| Component: | unknown | Version: | 0.2.9 |
| Keywords: | Cc: |
Description
The getRemoteTubID method (newly introduced in 0.3.0) is not yet secure: a malicious remote party can supply an arbitrary string for the URL/sturdyref of each referenceable, and the tubid portion of that string is not validated against the cryptographic connection properties.
I'm not sure that having getRemotetubID is a great idea anyways, but if we have it, it really ought to be secure.
The easiest fix will be to get this from the Broker, rather than from the RemoteReferenceTracker's copy of the per-object FURL.
Note: See
TracTickets for help on using
tickets.
