[tor-bugs] #20022 [Core Tor/Tor]: Tor should deprecate insecure cookie auth
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Aug 30 23:17:18 UTC 2016
#20022: Tor should deprecate insecure cookie auth
--------------------------+---------------------
Reporter: dkg | Owner:
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+---------------------
Comment (by atagar):
As I understand it auth isn't necessary if using a control socket. By
using cookie authentication you're proving you have permission to read the
cookie file from disk. File-based sockets have similar access controls
making cookie auth redundant.
Happy to be corrected if I'm wrong. :)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20022#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list