[prev in list] [next in list] [prev in thread] [next in thread]
List: kmail-devel
Subject: Re: Fwd: possible security problem in kmail 1.6
From: Ingo =?iso-8859-1?q?Kl=F6cker?= <kloecker () kde ! org>
Date: 2004-02-15 21:49:37
Message-ID: 200402152249.48476 () erwin ! ingo-kloecker ! de
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
On Sunday 15 February 2004 21:53, Andreas Pour wrote:
> Ingo Klöcker wrote:
> > On Sunday 15 February 2004 20:41, Andreas Pour wrote:
> > > IIUTC, this seems to be an architectural design flaw in
> > > KUniqueApplication. If all the user-visible windows have been
> > > closed, a flag should be set and the running instance not
> > > re-used, due to the obvious problems with having cached data that
> > > a user would believe is no longer cached and which could thus
> > > expose all kinds of private data.
> >
> > Sorry, but under no circumstances must two instances of KMail run
> > at the same time exactly because not all cached data (e.g. folder
> > indices, etc.) has been written back to disk and therefore
> > inconsistencies wouldn't be avoidable.
>
> Understood. But then in order to avoid deceiving the user, that
> KMail in fact is closed, I strongly urge you to leave a window open
> which states what KMail is doing (if the main window has been
> closed),
Okay.
> prioritize doing the essential tasks (such as writing folder
> indices)
That's not possible because after a message has been sent the index will
change (because the sent message is then moved to the sent-mail
folder). And aborting a send is also not an option.
> and if the progress window is forced to close that you
> immediately abort.
The sending progress dialog might have an Abort button for this.
> At no point in time IMO should a password be cached and the user
> given the impression it no longer is. People should be able to, and
> in fact do, share terminals :-).
Sharing terminals is not a problem. Sharing desktop sessions is. If
people are too lazy to make use of the protection that multiuser
operating systems like Linux or Unix provide that's those people's
problem. It's not exactly difficult to run two different sessions with
KDE and it's definitely easier to just lock your session than to close
all applications that might hold confidential data, be it KMail or
KWord or OpenOffice or whatnot.
Regards,
Ingo
[Attachment #5 (application/pgp-signature)]
_______________________________________________
KMail developers mailing list
KMail-devel@kde.org
https://mail.kde.org/mailman/listinfo/kmail-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic