[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: Security issue in Konqueror
From:       George Staikos <staikos () kde ! org>
Date:       2001-06-23 17:01:03
[Download RAW message or body]

On Saturday 23 June 2001 01:40, Igor Gilitschenski wrote:
> > > A co-worker of mine pointed my attention at a possible Security problem
> > > in Konqueror today.
> > > While connecting to a i.e. Self-certified SSL site, you don't recieve a
> > > warning. You surely question, what the problem about this is.
> > > The point is the following: This makes an eventual man in the Middle
> > > attack possbile.
> >
> >   Yes you are correct.
>
> So how can this problem be solved? I'm not experienced with KIO, yet,

  Porting kio_http to TCPSlaveBase and filling in an unfinished if() {} 
clause should fix it.  I guess if someone wanted to, they could migrate the 
missing code into kio_http too.  I don't know how well that will work though.

> but it is AFAIK responsible for this. Does the https module have a CERT
> manager (i haven't found a general one for KDE)?
   
   No I haven't been able to write that yet.  It will come someday though.

> If the only point is a warning, then this one could be included into the
> KIO module, couldn't it?

   I dont' understand what you mean by this... 

-- 

George Staikos

 
>> Visit http://master.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<

[prev in list] [next in list] [prev in thread] [next in thread]