The IMAP API as originally implemented uses the same internal password cache for logging in as the WebUI. This has the side-effect of the WebUI being unlocked while a mail client is authenticated with IMAP, which is unintuitive and unlikely to match user expectations.
The password cache system should be extended with independent authentication contexts.
{
"status": "assigned",
"changetime": "2017-01-17T12:48:22",
"description": "The IMAP API as originally implemented uses the same internal password cache for logging in as the WebUI. This has the side-effect of the WebUI being unlocked while a mail client is authenticated with IMAP, which is unintuitive and unlikely to match user expectations.\n\nThe password cache system should be extended with independent authentication contexts.",
"reporter": "str4d",
"cc": "",
"resolution": "",
"_ts": "1484657302682027",
"component": "apps/plugins",
"summary": "Separate password caches for I2P-Bote WebUI and IMAP",
"priority": "minor",
"keywords": "I2P-Bote security",
"version": "0.9.28",
"parents": "",
"time": "2017-01-03T18:20:23",
"milestone": "undecided",
"owner": "str4d",
"type": "defect"
}
The IMAP API as originally implemented uses the same internal password cache for logging in as the WebUI. This has the side-effect of the WebUI being unlocked while a mail client is authenticated with IMAP, which is unintuitive and unlikely to match user expectations.
The password cache system should be extended with independent authentication contexts.
Migrated from https://trac.i2p2.de/ticket/1910