[Owncloud] Re: comment on the encryption proposals

[Riccardo Iaconelli]

On Sunday 06 February 2011 22:47:07 guillermo berlin wrote:
>   hi,
> I was reading the encryption proposals and I notice the usage of cookies
> to avoid typing passwords so many times, this is a great function but
> implies a security risk in mobile devices such smartphones because they
> can be stolen or lost and could give third parties access to information
> stored in our owncloud that we do not want to be seen by others.
> I think it will recommended or necessary to have a way to identify which
> devices are connected ( like a unique ID), and from the server
> administration panel can be added to a blacklist and so prevent access
> to information stored in the cloud that was visible from the mobile
> device by other people.
> I say this as a constructive comment, because the theft of mobile phones
> and other devices in my country are quite common and this may be a risk
> to the data stored on the servers if there is any option like many
> mobile applications that remember the username and password (which is a
> useful function that saves time especially in this type of device)

Hi,
this is probably a good idea. I wonder if this doesn't pose any possible 
security risks if you manage to spoof the cookie.

Bye,
-Riccardo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/owncloud/attachments/20110226/14c7b5e7/attachment.sig>