Adding aliases to the WUI #80

Closed
wants to merge 1 commit into from

Conversation

multikatt

The aliases will be listed just under "View File or Directory" on the welcome screen.
At this point it lists clickable links to the aliases (which open them in the WUI) and their shortened node IDs.

Later it would be nice to be able to add and remove aliases too.

@markberger
Contributor

Hey @multikatt,

Thanks for the pull request. I think this is a great idea for the WUI but I think it's important that this behavior be opt-in since you are exposing aliases. Also, you should open a ticket on the tahoe-lafs site in order to get the opinions of other people.

@daira
Member

daira commented Dec 28, 2013

Unfortunately this functionality can't be included, because the welcome page is at a guessable URL and so it is insecure for it to contain secrets. There are plans to have a WUI "control panel", separate from the welcome page and at an unguessable URL, that could have links to aliases.

@daira daira closed this Dec 28, 2013
@pataquets
Contributor

@multikatt: Since aliases contain sensitive information, disclosing anything about them would be a great security risk. However, I think that achieving a WebUI aliases directory could be interesting for some scenarios.
Reading them from a file other than "private/aliases", such as "public_html/webui_aliases" or something to be discussed further, might be a nice compromise.
I encourage you to file a ticket as @markberger and @daira said to discuss it.

@daira
Member

daira commented Dec 28, 2013

@multikatt
Author

Sorry about my slowness to put the ticket on here; thanks for doing that for me, daira.
I can now absolutely see how this is a security issue in general; however, on my local machine I value the ease of having my aliases listed in the WUI over the potential risks it might render. Since I'm the only one who's supposed to access the WUI, I'd be in more trouble than someone getting my aliases' URIs if someone else manages to access it.
But of course that's not the case for many nodes, so this really should be an opt-in at absolute best.
So back to the drawing board, thanks for your thoughts and pointers.
@pataquets good idea about a separate file, I'll poke around a bit with that.

@zooko
Member

zooko commented Dec 29, 2013

Dear multikatt: thank you very much for the patch. I, too, would like to see this added to the WUI in a safe way. If I understand correctly, the current patch, with the "people can only connect to the WUI from localhost" security feature in place, is exactly the situation we had in Tahoe-LAFS v0.5, which Nathan Wilcox then demonstrated a live exploit for that could delete or otherwise alter a user's data!

https://tahoe-lafs.org/hacktahoelafs/nathan_wilcox.html

The solution that we deployed in Tahoe-LAFS v0.5.1 was to remove this feature, which if I understand correctly is the feature that your patch puts back in! ☺

I think the way forward, as Daira alluded in #80 (comment), is to implement https://tahoe-lafs.org/trac/tahoe-lafs/ticket/674 (“controlled access to your WUI”). With that implemented, then we could safely add aliases to the WUI.
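
Added example (not part of the thread and not Tahoe-LAFS code): a sketch of the split discussed above, where the welcome page at a guessable URL carries no secrets and the alias list is served only under a path containing an unguessable token. The `/control/<token>` layout, the function names and the sample alias are assumptions made for illustration; the design in ticket 674 may differ.

```python
import hmac
import secrets
from html import escape

# Constructed sample data: alias name -> capability URI (placeholder, not a real cap).
SAMPLE_ALIASES = {"tahoe": "URI:DIR2:EXAMPLE-WRITEKEY:EXAMPLE-FINGERPRINT"}


def new_panel_token() -> str:
    """256 bits from the OS CSPRNG; generated once per node and kept private."""
    return secrets.token_urlsafe(32)


def route(path: str, panel_token: str, aliases: dict) -> tuple:
    """Return (status, headers, body) for a GET request to `path`."""
    if path == "/":
        # Guessable URL: the welcome page must carry no aliases or caps.
        return 200, {}, "<h1>Welcome</h1><p>View File or Directory</p>"
    prefix = "/control/"  # hypothetical control-panel path
    if path.startswith(prefix):
        supplied = path[len(prefix):]
        # Constant-time comparison so response timing does not leak the token.
        if hmac.compare_digest(supplied.encode(), panel_token.encode()):
            items = "".join(
                f"<li>{escape(name)}: {escape(cap)}</li>"
                for name, cap in sorted(aliases.items())
            )
            headers = {
                # Keep the secret URL out of Referer headers and caches.
                "Referrer-Policy": "no-referrer",
                "Cache-Control": "no-store",
            }
            return 200, headers, f"<ul>{items}</ul>"
    # A wrong token and an unknown path look identical to the client.
    return 404, {}, "Not Found"
```

The token itself becomes a secret with the same sensitivity as the aliases it protects, so it needs the same storage care as `private/aliases`.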
