filenames leak into log files from rename (and other web-API operations that take filenames) #1904

Open
opened 2013-01-14 08:58:10 +00:00 by zooko · 2 comments

I just saw something I didn't want to see in someone else's log file:

```
22:29:43.173 [196712]: web: 127.0.0.1 GET /uri/[CENSORED]..?t=rename-form&name=me+just+before+I+shot+JFK&when_done=.&rename=rename 200 1111
```

Dammit! Now I know who shot JFK. I didn't want to know that.

This ticket could become more important to https://LeastAuthority.com in the future, as we intend to make it very easy for our customers to opt-in to having their incident report files sent automatically to our log gatherer. I would like to see this ticket fixed ASAP so that in the future our customers will have a fixed version of Tahoe-LAFS installed...

If you like this ticket, you may also like: #562, #563, #685, and #1008.

zooko added the code-nodeadmin, major, defect, 1.9.2 labels 2013-01-14 08:58:10 +00:00
zooko added this to the undecided milestone 2013-01-14 08:58:10 +00:00
daira commented 2013-04-22 23:36:34 +00:00
Owner

Note that many web-API operations take filenames. Removing 'confidentiality' from keywords since this does not leak file contents, which is how that keyword is defined.

tahoe-lafs added code-frontend-web and removed code-nodeadmin labels 2013-04-22 23:36:34 +00:00
tahoe-lafs changed title from filenames leak into log files from rename to filenames leak into log files from rename (and other web-API operations that take filenames) 2013-04-22 23:36:34 +00:00
daira commented 2013-05-13 01:02:49 +00:00
Owner

From the duplicate #385 of a particular case ("webapi download with `?filename=` should not log filename"):

> I noticed today that our log-sanitizing is failing to remove the filenames specified as query arguments from the web hits that we log. This is closely related to #221 (give proper filenames on download). I think that if we make the download links use a filename as the last component of the URL (rather than in a query arg), then that will resolve this issue easily.
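
An added example, not part of the ticket and not Tahoe-LAFS code: one way to sanitize the query string of a logged web hit so that filename-bearing arguments such as `name=` and `filename=` never reach the log. The `SAFE_ARGS` allowlist, the function names and the log-line layout (copied from the line quoted in the ticket) are assumptions; the path component is assumed to be censored already, as in that line.

```python
import re

CENSORED = "[CENSORED]"   # same marker the ticket's log line uses for the cap
SAFE_ARGS = {"t"}         # assumption: only the operation selector is safe to log
SAFE_TOKEN = re.compile(r"[A-Za-z0-9_-]+")   # shape of an argument or operation name
REQUEST = re.compile(r"\b(GET|PUT|POST|DELETE|HEAD) (\S+)")


def censor_query(uri):
    """Redact every query-argument value unless its argument is allowlisted."""
    path, sep, query = uri.partition("?")
    if not sep:
        return uri
    out = []
    for field in query.split("&"):
        if not field:
            continue
        key, eq, value = field.partition("=")
        # Argument names that are not plain identifiers may carry data too.
        safe_key = key if SAFE_TOKEN.fullmatch(key) else CENSORED
        # Even an allowlisted argument is redacted if its value looks like free text.
        if not (key in SAFE_ARGS and SAFE_TOKEN.fullmatch(value)):
            value = CENSORED if eq else ""
        out.append(safe_key + eq + value)
    return path + "?" + "&".join(out)


def censor_log_line(line):
    """Rewrite the request target of a web-hit log line, leaving the rest intact."""
    return REQUEST.sub(lambda m: m.group(1) + " " + censor_query(m.group(2)), line)


# The line quoted in the ticket, reused as sample input.
SAMPLE = ("22:29:43.173 [196712]: web: 127.0.0.1 GET /uri/[CENSORED]..?t=rename-form"
          "&name=me+just+before+I+shot+JFK&when_done=.&rename=rename 200 1111")

if __name__ == "__main__":
    print(censor_log_line(SAMPLE))
```

Redacting by default, rather than listing the arguments known to hold filenames, keeps the sanitizer correct when another web-API operation that takes a filename is added.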

Reference: tahoe-lafs/trac-2024-07-25#1904