[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: Security issue in Konqueror
From:       Igor Gilitschenski <igi-g () gmx ! net>
Date:       2001-06-23 5:40:32
[Download RAW message or body]

Hi,

On Fri, Jun 22, 2001 at 05:37:01PM -0400, George Staikos wrote:
> On Friday 22 June 2001 16:28, Igor Gilitschenski wrote:
> > Hi,
> >
> > A co-worker of mine pointed my attention at a possible Security problem
> > in Konqueror today.
> > While connecting to a i.e. Self-certified SSL site, you don't recieve a
> > warning. You surely question, what the problem about this is.
> > The point is the following: This makes an eventual man in the Middle
> > attack possbile.
> 
>   Yes you are correct.
So how can this problem be solved? I'm not experienced with KIO, yet,
but it is AFAIK responsible for this. Does the https module have a CERT
manager (i haven't found a general one for KDE)?
If the only point is a warning, then this one could be included into the
KIO module, couldn't it?

Igor
-- 
"Die Wirklichkeit ist nicht die Wahrheit"
- Realitaetspinzip, 1983, Erich Fried
 
>> Visit http://master.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<

[prev in list] [next in list] [prev in thread] [next in thread]