regarding KPF

George Staikos staikos at kde.org
Thu Apr 18 21:33:23 BST 2002


On April 18, 2002 16:11, Martijn Klingens wrote:
> On Thursday 18 April 2002 21:31, George Staikos wrote:
> >   https is not secure unless you have certificates that can be trusted
> > and that's not the simplest thing, especially since our certificate
> > generation code is not done.
>
> Well... do you know anything _better_ for KPF? :-)

   Well my point is just that it's really not much more secure than 
unencrypted http.

> Besides, I misunderstood Rik's problem, see his reply. I don't know how to
> make a secure server app in that respect though. I'd say that it doesn't
> make too much difference whether a readonly or a read/write app has a
> buffer overflow vulnerability though. Both can execute arbitrary code and
> do equal harm, so I am tempted to say that a simple authentication scheme
> over an encrypted connection should suffice for most people, or otherwise
> an RSA key that can be imported as 'trusted', just like SSH does it.

    Yes once we have certificate generation code, then we could do that with 
KSSL.  It already supports that functionality.  The problem is that as of 
now, we would have to require the user to generate the certificates manually 
with another app and then import them. That's no fun.

-- 

George Staikos




