[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-devel
Subject: Re: Security issue in Konqueror
From: George Staikos <staikos () kde ! org>
Date: 2001-06-23 17:01:03
[Download RAW message or body]
On Saturday 23 June 2001 01:40, Igor Gilitschenski wrote:
> > > A co-worker of mine pointed my attention at a possible Security problem
> > > in Konqueror today.
> > > While connecting to a i.e. Self-certified SSL site, you don't recieve a
> > > warning. You surely question, what the problem about this is.
> > > The point is the following: This makes an eventual man in the Middle
> > > attack possbile.
> >
> > Yes you are correct.
>
> So how can this problem be solved? I'm not experienced with KIO, yet,
Porting kio_http to TCPSlaveBase and filling in an unfinished if() {}
clause should fix it. I guess if someone wanted to, they could migrate the
missing code into kio_http too. I don't know how well that will work though.
> but it is AFAIK responsible for this. Does the https module have a CERT
> manager (i haven't found a general one for KDE)?
No I haven't been able to write that yet. It will come someday though.
> If the only point is a warning, then this one could be included into the
> KIO module, couldn't it?
I dont' understand what you mean by this...
--
George Staikos
>> Visit http://master.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic