Comment 0 for bug 395960

Stuart Bishop (stub) wrote: 'private' Librarian opens us to security vulnerabilities

The production Librarian runs on a non-launchpad.net domain. This means that if an HTML document or other content that can embed commands is served, the browser security model should stop it stealing authentication credentials.

We are now proxying some files via Launchpad - stuff served from the 'private' Librarian. The current pattern is that these files are served from the launchpad.net domain. If we neglect to whitelist the type of user-provided files that can be served from launchpad.net, or browser bugs allow whitelisted content to be executed by the browser, we open ourselves to attacks such as having authentication tokens stolen.

We need a pattern that is secure by default so that when more content is migrated to the 'private' Librarian (bug attachments for instance), we don't shoot ourselves in the foot.
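The "secure by default" pattern the comment asks for can be expressed as a single decision function that the proxy consults before streaming a file. The example below is added here for illustration; it is not Launchpad or Librarian code, and the allowlist, helper names and header choices are assumptions. The idea is that only an explicit, short list of media types is ever rendered inline on the authenticated origin; everything else (including anything unknown, and anything like HTML or SVG that can carry script) is forced to download as `application/octet-stream`, with `X-Content-Type-Options: nosniff` so the browser cannot second-guess the type, and a `Content-Security-Policy: sandbox` so even an inline-rendered file has no access to the origin's cookies or DOM.

```python
"""Secure-by-default headers for proxied user uploads.

Added example, not Launchpad/Librarian code. The allowlist, the helper
names and the exact header set are assumptions for illustration.
"""
from dataclasses import dataclass

# Hypothetical allowlist: media types that a browser renders without any
# ability to run script. Anything not listed here is treated as hostile.
INLINE_SAFE_TYPES = frozenset({
    "text/plain",
    "image/png",
    "image/jpeg",
    "image/gif",
})

# Belt-and-braces: types that must never be rendered inline on the
# authenticated origin, even if someone later widens the allowlist
# with a broad rule such as "image/*" (SVG can contain script).
ALWAYS_ATTACHMENT_TYPES = frozenset({
    "text/html",
    "application/xhtml+xml",
    "image/svg+xml",
    "application/javascript",
    "text/javascript",
})


@dataclass(frozen=True)
class ServingDecision:
    inline: bool        # True only for allowlisted, script-free types
    headers: dict       # response headers the proxy should emit


def sanitize_filename(name):
    """Keep only characters that are safe inside a quoted filename
    parameter, and drop leading dots so '../x' cannot survive."""
    cleaned = "".join(c for c in name if c.isalnum() or c in "._-")
    return cleaned.lstrip(".") or "download"


def decide_serving(content_type, filename):
    """Return how a proxied file should be served on the main origin.

    Default is attachment + octet-stream; inline rendering is the
    exception that has to be earned by being on the allowlist."""
    media_type = content_type.split(";", 1)[0].strip().lower()
    safe_name = sanitize_filename(filename)
    headers = {
        # Stop MIME sniffing from upgrading a 'harmless' type to HTML.
        "X-Content-Type-Options": "nosniff",
        # Even if something does render, give it no origin privileges.
        "Content-Security-Policy": "sandbox",
    }
    if media_type in INLINE_SAFE_TYPES and media_type not in ALWAYS_ATTACHMENT_TYPES:
        headers["Content-Type"] = media_type
        headers["Content-Disposition"] = 'inline; filename="%s"' % safe_name
        return ServingDecision(inline=True, headers=headers)

    # Unknown or dangerous: force a download under a neutral type.
    headers["Content-Type"] = "application/octet-stream"
    headers["Content-Disposition"] = 'attachment; filename="%s"' % safe_name
    return ServingDecision(inline=False, headers=headers)


if __name__ == "__main__":
    # Constructed sample requests: one benign image, one HTML upload,
    # one SVG (image but scriptable), one unknown type.
    for ctype, name in [
        ("image/png", "screenshot.png"),
        ("text/html; charset=utf-8", "../../steal.html"),
        ("image/svg+xml", "logo.svg"),
        ("application/pdf", "report.pdf"),
    ]:
        d = decide_serving(ctype, name)
        print(ctype, "->", "inline" if d.inline else "attachment",
              d.headers["Content-Disposition"])
```

The function is deliberately closed-world: adding a new type to `INLINE_SAFE_TYPES` is a reviewed code change, so migrating more content (bug attachments, say) to the proxy cannot silently widen what the authenticated origin will execute. The headers are a defence-in-depth layer on top of the real fix the comment points at, which is serving user content from a separate origin.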