List:       kmail-devel
Subject:    Re: Fwd: possible security problem in kmail 1.6
From:       Andreas Pour <pour () mieterra ! com>
Date:       2004-02-15 20:53:56
Message-ID: 402FDC64.31BD0DB () mieterra ! com

Ingo Klöcker wrote:
> 
> On Sunday 15 February 2004 20:41, Andreas Pour wrote:
> > IIUTC, this seems to be an architectural design flaw in
> > KUniqueApplication.  If all the user-visible windows have been
> > closed, a flag should be set and the running instance not re-used,
> > due to the obvious problems with having cached data that a user would
> > believe is no longer cached and which could thus expose all kinds of
> > private data.
> 
> Sorry, but under no circumstances must two instances of KMail run at the
> same time exactly because not all cached data (e.g. folder indices,
> etc.) has been written back to disk and therefore inconsistencies
> wouldn't be avoidable.

Understood.  But then in order to avoid deceiving the user that KMail is in fact
closed, I strongly urge you to leave a window open which states what KMail is
doing (if the main window has been closed), to prioritize doing the essential
tasks (such as writing folder indices) and, if the progress window is forced to
close, to abort immediately.

At no point in time IMO should a password be cached and the user given the
impression it no longer is.  People should be able to, and in fact do, share
terminals :-).

Indeed, if I am a lawyer and I access my e-mail at work and exit KMail and then
my wife uses KMail and can access my e-mail, then I have violated the law.  And
I am sure there are many other security issues at stake here.  If we want KDE to
be taken seriously in the enterprise and government then we cannot allow such
serious security lapses to happen.

-- 
None are more hopelessly enslaved than those who falsely
believe they are free.
  -- Johann Wolfgang von Goethe