i2p / i2p.i2p-bote

I2P-Bote is a serverless, encrypted e-mail application.
https://i2pbote.xyz

Separate password caches for WebUI and IMAP (Trac #1910) #86

Open str4d opened 7 years ago

str4d commented 7 years ago

The IMAP API as originally implemented uses the same internal password cache for logging in as the WebUI. This has the side-effect of the WebUI being unlocked while a mail client is authenticated with IMAP, which is unintuitive and unlikely to match user expectations.

The password cache system should be extended with independent authentication contexts.

Migrated from https://trac.i2p2.de/ticket/1910

{
    "status": "assigned", 
    "changetime": "2017-01-17T12:48:22", 
    "description": "The IMAP API as originally implemented uses the same internal password cache for logging in as the WebUI. This has the side-effect of the WebUI being unlocked while a mail client is authenticated with IMAP, which is unintuitive and unlikely to match user expectations.\n\nThe password cache system should be extended with independent authentication contexts.", 
    "reporter": "str4d", 
    "cc": "", 
    "resolution": "", 
    "_ts": "1484657302682027", 
    "component": "apps/plugins", 
    "summary": "Separate password caches for I2P-Bote WebUI and IMAP", 
    "priority": "minor", 
    "keywords": "I2P-Bote security", 
    "version": "0.9.28", 
    "parents": "", 
    "time": "2017-01-03T18:20:23", 
    "milestone": "undecided", 
    "owner": "str4d", 
    "type": "defect"
}
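
The independent authentication contexts proposed in this issue could look like the sketch below. It is an added example, not I2P-Bote's code and not part of the original issue; the class `ContextPasswordCache`, the `AuthContext` names, the expiry handling and the sample password are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.EnumMap;
import java.util.Map;

/** Hypothetical sketch: one cached password per authentication context. */
public class ContextPasswordCache {
    public enum AuthContext { WEBUI, IMAP }   // assumed context names

    private static final class Entry {
        final char[] password;
        final long expiresAt;
        Entry(char[] password, long expiresAt) { this.password = password; this.expiresAt = expiresAt; }
    }

    private final Map<AuthContext, Entry> entries = new EnumMap<>(AuthContext.class);
    private final long ttlMillis;

    public ContextPasswordCache(long ttlMillis) { this.ttlMillis = ttlMillis; }

    /** Cache the password for one context only; every other context stays locked. */
    public synchronized void unlock(AuthContext ctx, char[] password, long now) {
        lock(ctx);   // zero any previous copy held for this context
        entries.put(ctx, new Entry(password.clone(), now + ttlMillis));
    }

    /** True only if this context itself was unlocked and has not expired. */
    public synchronized boolean isUnlocked(AuthContext ctx, long now) {
        Entry e = entries.get(ctx);
        if (e == null) return false;
        if (now >= e.expiresAt) { lock(ctx); return false; }
        return true;
    }

    /** Drop and zero the cached password for one context, e.g. when the mail client logs out. */
    public synchronized void lock(AuthContext ctx) {
        Entry e = entries.remove(ctx);
        if (e != null) Arrays.fill(e.password, '\0');
    }

    public static void main(String[] args) {
        ContextPasswordCache cache = new ContextPasswordCache(60_000);
        char[] pw = "constructed-sample".toCharArray();   // constructed sample value
        cache.unlock(AuthContext.IMAP, pw, 0);            // mail client authenticates over IMAP
        System.out.println("IMAP unlocked:  " + cache.isUnlocked(AuthContext.IMAP, 1_000));
        System.out.println("WebUI unlocked: " + cache.isUnlocked(AuthContext.WEBUI, 1_000));
        cache.lock(AuthContext.IMAP);                     // mail client disconnects
        System.out.println("IMAP unlocked:  " + cache.isUnlocked(AuthContext.IMAP, 2_000));
    }
}
```

With a single shared cache, the second check would report the WebUI as unlocked; keying the cache by context keeps an IMAP login from changing the WebUI's lock state.
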
str4d commented 7 years ago

Trac update at 20170117T12:48:22: