[ale] Mozilla strangeness

James P. Kinney III jkinney at localnetsolutions.com
Wed Oct 27 13:37:02 EDT 2004


On Wed, 2004-10-27 at 09:15, Geoffrey wrote:
> James P. Kinney III wrote:
> 
> > Currently the calendar access is through a basic .htaccess form that 
> > involves sending username and password. I have not checked to see if
> > the data is cached past a closing of the app yet.
> 
> Then you should know that the password is passed in plai text when 
> accessing it via the web anyway.

Yep. I was seeing as an office exploit (Fred goes to lunch and evil Joe
types access:config and gets his calendar and password. Then goes in and
"reschedules" some important meetings so evil Joe looks good and Fred
get fired).

The Calendar developers looked at it and decided it is a bug that should
certainly be squashed.

-- 
James P. Kinney III          \Changing the mobile computing world/
CEO & Director of Engineering \          one Linux user         /
Local Net Solutions,LLC        \           at a time.          /
770-493-8244                    \.___________________________./
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part




More information about the Ale mailing list