From: Brian Warner Date: Fri, 26 Apr 2013 02:14:17 +0000 (-0700) Subject: NEWS: caution about secret introducer.furl in world-readable tahoe.cfg X-Git-Tag: allmydata-tahoe-1.10.0c2 X-Git-Url: https://git.rkrishnan.org/(%5B%5E?a=commitdiff_plain;h=7ae630559fc3e72920b4c61bad6214ebc5deea8f;p=tahoe-lafs%2Ftahoe-lafs.git NEWS: caution about secret introducer.furl in world-readable tahoe.cfg --- diff --git a/NEWS.rst b/NEWS.rst index 19aacfbf..5bc827bb 100644 --- a/NEWS.rst +++ b/NEWS.rst @@ -32,7 +32,9 @@ Security Improvements to generate a new FURL, delete the existing ``introducer.furl`` file and restart it. After doing this, the ``[client]introducer.furl`` setting of every client and server that should connect to that introducer must be - updated. (`#1802`_) + updated. Note that other users of a shared machine may be able to read + ``introducer.furl`` from your ``tahoe.cfg`` file unless you configure the + file permissions to prevent them. (`#1802`_) - Both ``introducer.furl`` and ``helper.furl`` are now censored from the Welcome page, to prevent users of your gateway from learning enough to create gateway nodes of their own. For existing guessable introducer