comment on the encryption proposals


comment on the encryption proposals

guillermo berlin
  hi,
I was reading the encryption proposals and I notice the usage of cookies
to avoid typing passwords so many times, this is a great function but
implies a security risk in mobile devices such as smartphones because they
can be stolen or lost and could give third parties access to information
stored in our owncloud that we do not want to be seen by others.
I think it would be recommended or necessary to have a way to identify which
devices are connected (like a unique ID), and from the server
administration panel can be added to a blacklist and so prevent access
to information stored in the cloud that was visible from the mobile
device by other people.
I say this as a constructive comment, because the theft of mobile phones
and other devices in my country is quite common and this may be a risk
to the data stored on the servers if there is any option like many
mobile applications that remember the username and password (which is a
useful function that saves time especially in this type of device).

I hope not to anger anyone


regards,
Guillermo


Re: comment on the encryption proposals

Riccardo Iaconelli
On Sunday 06 February 2011 22:47:07 guillermo berlin wrote:

>   hi,
> I was reading the encryption proposals and I notice the usage of cookies
> to avoid typing passwords so many times, this is a great function but
> implies a security risk in mobile devices such as smartphones because they
> can be stolen or lost and could give third parties access to information
> stored in our owncloud that we do not want to be seen by others.
> I think it would be recommended or necessary to have a way to identify which
> devices are connected (like a unique ID), and from the server
> administration panel can be added to a blacklist and so prevent access
> to information stored in the cloud that was visible from the mobile
> device by other people.
> I say this as a constructive comment, because the theft of mobile phones
> and other devices in my country is quite common and this may be a risk
> to the data stored on the servers if there is any option like many
> mobile applications that remember the username and password (which is a
> useful function that saves time especially in this type of device).

Hi,
this is probably a good idea. I wonder if this doesn't pose any possible
security risks if you manage to spoof the cookie.

Bye,
-Riccardo
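
The device-ID and blacklist idea from the first message, together with the cookie-spoofing concern in the reply above, as an added Python example that is not part of the original messages or of ownCloud's code. The class name, the `user:device_id:tag` cookie layout and the HMAC-SHA256 tag are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-server secret, never sent to clients


class DeviceSessions:
    """Hypothetical per-device login cookies with an admin-side blacklist."""

    def __init__(self, key=SERVER_KEY):
        self._key = key
        self._devices = {}     # device_id -> (user, label)
        self._revoked = set()  # device_ids blacklisted by the admin

    def _tag(self, user, device_id):
        msg = f"{user}\n{device_id}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def enroll(self, user, label):
        """Called once after a password login; returns the cookie value."""
        device_id = secrets.token_hex(16)  # unguessable unique ID per device
        self._devices[device_id] = (user, label)
        return f"{user}:{device_id}:{self._tag(user, device_id)}"

    def devices_for(self, user):
        """What an admin panel would list: device_id -> label."""
        return {d: lbl for d, (u, lbl) in self._devices.items() if u == user}

    def revoke(self, device_id):
        """Blacklist one device; the user's other devices keep working."""
        self._revoked.add(device_id)

    def authenticate(self, cookie):
        """Return the user name for a valid cookie, otherwise None."""
        parts = cookie.rsplit(":", 2)
        if len(parts) != 3:
            return None
        user, device_id, tag = parts
        expected = self._tag(user, device_id)
        # Constant-time check: a cookie not minted with the server key fails here.
        if not hmac.compare_digest(tag.encode(), expected.encode()):
            return None
        if device_id in self._revoked:
            return None
        if self._devices.get(device_id, (None, None))[0] != user:
            return None
        return user
```

The cookie holds no password, so blacklisting a lost phone does not force a password change on the remaining devices.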


Re: comment on the encryption proposals

kunal ghosh
On Sat, Feb 26, 2011 at 11:21 PM, Riccardo Iaconelli <riccardo at kde.org> wrote:

> On Sunday 06 February 2011 22:47:07 guillermo berlin wrote:
> >   hi,
> > I was reading the encryption proposals and I notice the usage of cookies
> > to avoid typing passwords so many times, this is a great function but
> > implies a security risk in mobile devices such as smartphones because they
> > can be stolen or lost and could give third parties access to information
> > stored in our owncloud that we do not want to be seen by others.
> > I think it would be recommended or necessary to have a way to identify which
> > devices are connected (like a unique ID), and from the server
> > administration panel can be added to a blacklist and so prevent access
> > to information stored in the cloud that was visible from the mobile
> > device by other people.
> > I say this as a constructive comment, because the theft of mobile phones
> > and other devices in my country is quite common and this may be a risk
> > to the data stored on the servers if there is any option like many
> > mobile applications that remember the username and password (which is a
> > useful function that saves time especially in this type of device).
>
> Hi,
> this is probably a good idea. I wonder if this doesn't pose any possible
> security risks if you manage to spoof the cookie.
>
Hi all,