No subject

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

No subject

mechanism ?
Only if the mobile phone's public key is there with the server, will it
allow the connection to be made.

Granting access to new devices, and revoking access, is also very easy in
this manner.

Kunal Ghosh
Dept of Computer Sc. & Engineering.

permalink: <>

Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<br><br><div class=3D"gmail_quote">On Sat, Feb 26, 2011 at 11:21 PM, Riccar=
do Iaconelli <span dir=3D"ltr">&lt;<a href=3D"mailto:riccardo at">ricc=
ardo at</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" sty=
le=3D"margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204);=
 padding-left: 1ex;">
<div class=3D"im">On Sunday 06 February 2011 22:47:07 guillermo berlin wrot=
&gt; =A0 hi,<br>
&gt; I was reading the encryption proposals and I notice the usage of cooki=
&gt; to avoid typing passwords so many times, this is a great function but<=
&gt; implies a security risk in mobile devices such smartphones because the=
&gt; can be stolen or lost and could give third parties access to informati=
&gt; stored in our owncloud that we do not want to be seen by others.<br>
&gt; I think it will recommended or necessary to have a way to identify whi=
&gt; devices are connected ( like a unique ID), and from the server<br>
&gt; administration panel can be added to a blacklist and so prevent access=
&gt; to information stored in the cloud that was visible from the mobile<br=
&gt; device by other people.<br>
&gt; I say this as a constructive comment, because the theft of mobile phon=
&gt; and other devices in my country are quite common and this may be a ris=
&gt; to the data stored on the servers if there is any option like many<br>
&gt; mobile applications that remember the username and password (which is =
&gt; useful function that saves time especially in this type of device)<br>
this is probably a good idea. I wonder if this doesn&#39;t pose any possibl=
security risks if you manage to spoof the cookie.<br></blockquote><div>Hi a=
ll,<br><br>From the security standpoint , we could use a public key-private=
 key mechanism ?<br>Only if the mobile phone&#39;s public key is there with=
 the server, will it allow the connection to be made.<br>
<br>Granting access to new devices, and revoking access, is also very easy =
in this manner.<br><br></div></div>-- <br>regards<br>-------<br>Kunal Ghosh=
<br>Dept of Computer Sc. &amp; Engineering.<br>Sir MVIT<br>Bangalore,India<=
<br>permalink: <a href=3D"" target=3D"_bla=
nk"></a><br><div>Blog:<a href=3D"http://kunalghosh.=" target=3D"_blank"></a><br>Website:<a=
 href=3D"" target=3D"_blank">www.kunalghosh.=</a><br>