[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #14389 [Tor]: Improve TBB UI of hidden service client authorization
#14389: Improve TBB UI of hidden service client authorization
------------------------+--------------------------
Reporter: asn | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.???
Component: Tor | Version:
Resolution: | Keywords: tor-hs
Actual Points: | Parent ID:
Points: |
------------------------+--------------------------
Comment (by meejah):
special and I were chatting on IRC, and thought that should be captured
somewhere. That somewhere is here. I've removed some things from the below
"log" to make it more clear.
{{{
13:52 < meejah> one thing tor-launcher lacks is a way to give it cookies
for basic/stealth auth'd hidden-services
13:53 < meejah> ...would teaching it to understand
http://thecookie@xxxxxxxxxxxxxxxx be a terrible idea? (obvious "con" is:
people would probably copy/paste that and reveal their
seekrit)
13:54 < special> this would be ambiguous with standard HTTP
authentication, for one
13:58 < special> I wonder how hard it would be to have the browser prompt
for HS auth credentials..
13:58 < special> probably hard
13:59 < meejah> maybe just a static http://auth@xxxxxxxxxxxxxxxx could
trigger popping a dialog for the cookie? pretty hacky though
13:59 < special> well, I think a tor client can request the descriptor and
know that it needs credentials to use it
13:59 < special> it could, theoretically, ask for those credentials over
the control port
14:00 < meejah> yeah. right now you have to SETCONF on HidServAuth ...
which is fragile (as it's easy to destroy any other auths you might have
set up manually)
14:01 < special> yes. I also mean that it could ask after requesting the
descriptor, without knowing beforehand that credentials would be required
14:01 < special> just like visiting a website with HTTP auth enabled; you
get a popup dialog
14:01 < meejah> true, that would be cool -- but unprecedented i think?
(Are there any commands that do a request from tor->controller?)
14:03 < special> meejah: __LeaveStreamsUnattached works that way, I
suppose.
14:04 < meejah> special: ah! yes, that's true!
14:04 < meejah> for consistency one probably needs
"__QueryDescriptorCookies=1" or something ;)
14:05 < special> hmm
14:06 < special> meejah: if we're well behaved developers, we should
summarize this conversation on a ticket somewhere. It sounds vaguely
useful.
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14389#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs