From: Daira Hopwood Date: Thu, 5 Sep 2013 18:06:26 +0000 (+0100) Subject: Fri Nov 18 00:00:30 GMT 2011 david-sarah@jacaranda.org X-Git-Url: https://git.rkrishnan.org/listings/pb2server.py?a=commitdiff_plain;h=3fae60a5ed2c169acb3cfbfea6b6ab259f5f7d92;p=tahoe-lafs%2Ftahoe-lafs.git Fri Nov 18 00:00:30 GMT 2011 david-sarah@jacaranda.org * Strengthen description of unauthorized access attack in known_issues.rst. --- diff --git a/docs/known_issues.rst b/docs/known_issues.rst index 5db6c96e..db36315e 100644 --- a/docs/known_issues.rst +++ b/docs/known_issues.rst @@ -30,13 +30,13 @@ Known Issues in Tahoe-LAFS v1.9.2, released 23-Jun-2012 ---- -Potential unauthorized access by JavaScript in unrelated files +Unauthorized access by JavaScript in unrelated files ---------------------------------------------------- If you view a file stored in Tahoe-LAFS through a web user interface, -JavaScript embedded in that file might be able to access other files or -directories stored in Tahoe-LAFS which you view through the same web -user interface. Such a script would be able to send the contents of +JavaScript embedded in that file can, in some circumstances, access other +files or directories stored in Tahoe-LAFS that you view through the same +web user interface. Such a script would be able to send the contents of those other files or directories to the author of the script, and if you have the ability to modify the contents of those files or directories, then that script could modify or delete those files or directories.