turn your head and cough while we lift this area here!!! But, the first order of business is for this is to fix the bloody start up password problems.Īre you guys going to change the status of this bug to VALID or what?Ĭome on now. For the user to be really safe, the data sitting behind the client needs to be strongly encrypted. Just the password and preventing the client from starting up doesn't quite do it. So then someone says, Ok, so the client doesn't start up we're secure!!! WRONG. Have you tried to use something called Lotus Notes? It asks for a userid / password and and failing to correctly authenticate prevents you from getting to the mail through the client. ) is completely exposed.Īnd all this time I was under the misguided belief the Mozilla Products were designed with security conciseness. So the data that sits behind my Thunderbird Ebail client (regardless of source (POP / POP3 / IMAP / DRAFT. So has the design / development team decided to fix this or have they put their respective heads in the sand and taken the this is a "FEECHUR" attitude? Yes, its not the entire message, but subject, sender etc. However, displaying information on previously seen IMAP messages is an issue. I would like to see local content protected, but that doesn't seem to have been a design option so lets just leave that as a "would be nice to have". If an IMAP account has been "synced" locally, its in the same class as downloaded POP messages. In fact, you do see information (subject, sender, date etc) of previously seen email, which I really think should NOT be displayed until the password has been given. With an IMAP account, with email stored on the server, you should see absolutely nothing until the account password is given. If you are dealing with a POP account, you should (absent protection for local data) see the downloaded email, but not anything at all to do with email still on the POP server until the password is given. There could usefully be another level of protection on locally stored email, but that is a slightly different topic. There is currently only one level of protection - account passwords. The basic problem seems to be a lack of clear understanding of what password security is provided, and how it works.
0 kommentar(er)
