Ter, 2005-11-15 às 10:21 -0800, Corey Burger escreveu: > On 11/15/05, Chris Ball <[EMAIL PROTECTED]> wrote: > > Hi, > > > > I'm not the author of gobby[1], but I'd like to hear thoughts on whether > > gobby should be proposed for inclusion in Gnome 2.14. Gobby is a > > collaborative text editor using GtkSourceView/GTK 2.6, with external > > dependencies of libgmp, gtkmm and libxml++. There are two libraries > > that are maintained by the gobby authors used: libobby and libnet6. > > > > Collaborative editing is an application many people don't seem to have > > realised is possible with their computers; I think having it available > > such that two GNOME users can easily start a collaborative session > > together would be massively beneficial. > > Gobby is a lot of fun and a great piece of work, but having used this > extensively at UBZ (along with the rest of the people there), we found > some bugs[1] that might need to be addressed before we foist it on the > unsuspecting user.
I subscribe the good opinion about Gobby, generally, but the security of its network protocol leaves a lot to be desired. I captured the protocol stream with ethereal and, while there is a password based authentication scheme at session setup time, the remaining of the traffic passes essentially in clear text: neither authenticated nor encrypted. That is a potencial security hole. I wouldn't dare to do collaborative editing across the internet with Gobby, yet gobby allows this easily and doesn't even warn users of these dangers. Why can't the session passphrase be used to cypher the whole TCP stream? Surely that isn't so hard to do, these days. I'm sure there are ready made functions in openssl or gnutls libraries. Regards. -- Gustavo J. A. M. Carneiro <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> The universe is always one step beyond logic. _______________________________________________ desktop-devel-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/desktop-devel-list
