KSSL session reuse bugs
George Staikos
staikos at kde.org
Fri Oct 24 06:02:31 BST 2003
On Thursday 23 October 2003 04:31, Stefan Rompf wrote:
> we should not store the sessions KDE-wide. The solution you suggested would
> give everybody who can type "dcop kded kssld" (and has some SSL knowledge)
> the possibility to negotiate weak sessions and make applications use them.
> That would open a gaping security hole.

I don't think it's that bad of a security hole. They could easily get it
other ways.

> So I think the scope of a session must be limited to the io-slave or the
> application. For the current implementation, George decided for
> application, IMHO the right choice.

Yes, io-slave will never work since we spawn many of them.

--
George Staikos
KDE Developer http://www.kde.org/
Staikos Computing Services Inc. http://www.staikos.net/