[Owncloud] Re: comment on the encryption proposals
kunal ghosh
kunal.t2 at gmail.com
Sun Feb 27 02:08:20 UTC 2011
On Sat, Feb 26, 2011 at 11:21 PM, Riccardo Iaconelli <riccardo at kde.org>wrote:
> On Sunday 06 February 2011 22:47:07 guillermo berlin wrote:
> > hi,
> > I was reading the encryption proposals and I notice the usage of cookies
> > to avoid typing passwords so many times, this is a great function but
> > implies a security risk in mobile devices such smartphones because they
> > can be stolen or lost and could give third parties access to information
> > stored in our owncloud that we do not want to be seen by others.
> > I think it will recommended or necessary to have a way to identify which
> > devices are connected ( like a unique ID), and from the server
> > administration panel can be added to a blacklist and so prevent access
> > to information stored in the cloud that was visible from the mobile
> > device by other people.
> > I say this as a constructive comment, because the theft of mobile phones
> > and other devices in my country are quite common and this may be a risk
> > to the data stored on the servers if there is any option like many
> > mobile applications that remember the username and password (which is a
> > useful function that saves time especially in this type of device)
>
> Hi,
> this is probably a good idea. I wonder if this doesn't pose any possible
> security risks if you manage to spoof the cookie.
>
Hi all,
>From the security standpoint , we could use a public key-private key
mechanism ?
Only if the mobile phone's public key is there with the server, will it
allow the connection to be made.
Granting access to new devices, and revoking access, is also very easy in
this manner.
--
regards
-------
Kunal Ghosh
Dept of Computer Sc. & Engineering.
Sir MVIT
Bangalore,India
permalink: member.acm.org/~kunal.t2 <http://member.acm.org/%7Ekunal.t2>
Blog:kunalghosh.wordpress.com
Website:www.kunalghosh.net46.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/owncloud/attachments/20110227/7515e7ba/attachment.html>
More information about the Owncloud
mailing list