[Owncloud] Any application there (apart from Media) using the user's password ?
Robin Appelman
icewind at owncloud.com
Wed Feb 6 10:10:24 UTC 2013
Only once during login, but all apps still have the ability to read the password, loading the apps after login and unsetting the password from $_POST isn't an option since some apps need to be loaded before logging because they provide user backends
- Robin Appelman
Daniel Danger <owncloud at danger-it.de> wrote:
>Quick thought on that: Is the password send via $_POST on every request,
>or just once on login? If the latter is the case, then not every app has
>the chance to read the password. (or am I wrong here?)
>
>What I'm trying to say is, that maybe we can't do it perfectly, but
>doing it a little better would still be nice.
>
>Cheers
>Daniel
>
>On 02/06/2013 12:26 AM, Robin Appelman wrote:
>> On Tuesday 05 February 2013 21:32:20 Antoine Diamant-Berger wrote:
>> Even if we change that hook, there is nothing stopping any app from just
>> reading the value from $_POST.
>_______________________________________________
>Owncloud mailing list
>Owncloud at kde.org
>https://mail.kde.org/mailman/listinfo/owncloud
More information about the Owncloud
mailing list