[Owncloud] Any application there (apart from Media) using the user's password ?
Lukas Reschke
lukas at owncloud.org
Wed Feb 6 10:03:22 UTC 2013
On Wed, Feb 6, 2013 at 10:58 AM, Daniel Danger <owncloud at danger-it.de>wrote:
> Quick thought on that: Is the password send via $_POST on every request,
> or just once on login? If the latter is the case, then not every app has
> the chance to read the password. (or am I wrong here?)
>
A malicious app can execute arbitrary PHP code (due to the lacking
sandboxing abilities of PHP), or even change the ownCloud code in a way to
intercept all the user passwords.
So this is not a problem from my side.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/owncloud/attachments/20130206/8ea0cc03/attachment.html>
More information about the Owncloud
mailing list