regarding KPF
Martijn Klingens
klingens at kde.org
Thu Apr 18 21:11:58 BST 2002
On Thursday 18 April 2002 21:31, George Staikos wrote:
> https is not secure unless you have certificates that can be trusted and
> that's not the simplest thing, especially since our certificate generation
> code is not done.
Well... do you know anything _better_ for KPF? :-)
Besides, I misunderstood Rik's problem, see his reply. I don't know how to
make a secure server app in that respect though. I'd say that it doesn't make
too much difference whether a readonly or a read/write app has a buffer
overflow vulnerability though. Both can execute arbitrary code and do equal
harm, so I am tempted to say that a simple authentication scheme over an
encrypted connection should suffice for most people, or otherwise an RSA key
that can be imported as 'trusted', just like SSH does it.
But regarding security and crypto I think many of the KDE developers are way
ahead of me, so as soon as you're talking actual code better ask someone else
:-)
Martijn
More information about the kde-core-devel
mailing list