Thanks Ruben! Always appreciate your attention to those little details - things that make Mailplane so great to use... :)
2009/2/5 Ruben Bakker <[email protected]> > Hi Kinny, > Thanks for your explanation. I think I now understand your requirements. > I'll try to find a solution... > > > On Wed, Feb 4, 2009 at 8:32 AM, Kinny Cheng <[email protected]> wrote: > >> Thanks for the insight, Jesse. >> It makes sense that this seems to be what's happening at the moment. But >> the fact is, it makes no sense whatsoever to cache authentication for >> accounts other than the one with the offline access enabled. >> >> And the theory of "allowing Offline access for one, it is on for all" >> doesn't fly either. >> >> Imagine: if I shared a computer with the family, and where everyone has >> their own Gmail account/s, this would mean granting me full access to all >> those accounts without me even having to enter in a password, which is >> usually required. >> >> I agree with Ruben, that Gmail seems to have overlooked the security >> implications of offline Gmail access. >> >> >> 2009/2/4 Jesse Read <[email protected]> >> >> While I am no GMail engineer (or any Google dev at all) I would think that >>> based on the way Gears works (via WebKit I believe, hence you only need to >>> install it via on app and it is available to all WebKit based apps) if you >>> allow Offline access for one, it is on all - at least in terms of cached >>> authentication. >>> I may be wrong though, in fact I probably am. Ruben should be able to get >>> more insight. >>> >>> -- Jesse >>> >>> >>> >>> On Tue, Feb 3, 2009 at 1:58 PM, Kinny Cheng <[email protected]> wrote: >>> >>>> Hi Ruben, >>>> I'm not sure if I understand you correctly. But... >>>> >>>> I remember you mentioning previously that passwords are now saved for >>>>>> accounts that use Offline Gmail - meaning that, even if I didn't choose >>>>>> to >>>>>> store my password in Mailplane, Google Gears would still do this anyway? >>>>>> >>>>> >>>>> If you enabled the "Store password in Keychain" setting, passwords are >>>>> only stored in the keychain. What Gmail stores is a session cookie, it >>>>> doens't contain any username/password. It is used by Gmail to communicate >>>>> with their servers. >>>>> >>>> >>>> I did not elect to have any of my Gmail passwords stored to my keychain. >>>> This is because I would prefer to enter my password each time I access a >>>> specific Gmail account, per Mailplane session. >>>> >>>> I am okay with being able to switch between the different accounts >>>> freely after I've done the initial authentication. But once I choose to >>>> not >>>> need the access to email anymore, I just quit Mailplane. The next time I >>>> start Mailplane, it'll ask me for my Gmail password - which is what I want, >>>> and which has how it's always been since day one. >>>> >>>> >>>> >>>>> >>>>> When Online: >>>>> If you start Mailplane or switch to an account, Gmail will use the >>>>> cookie for the account in question. It takes about 10 days to get the >>>>> authentication window again. >>>>> >>>>> When Offline: >>>>> >>>>> Gmail directly opens the offline store, neither a password, nor a >>>>> cookie is required to access it! See these "Offline Gmail" threads for >>>>> more >>>>> information: >>>>> >>>>> >>>>> http://groups.google.com/group/gmail-labs-help-offline/browse_thread/thread/231787671b5c72d7# >>>>> >>>>> >>>>> http://groups.google.com/group/gmail-labs-help-offline/browse_thread/thread/0d8c442af1147b97# >>>>> >>>>> >>>>> Mailplane 2.0.1 always authenticates your account before granting >>>>> access, even if you had a valid cookie. Because of the new offline support >>>>> this made no sense anymore, as it can only authenticate when online. This >>>>> is >>>>> why I removed it from 2.1-beta. >>>>> >>>> >>>> This is the part I can't seem to get my head around. But anyway, please >>>> fill me in where I may not be understanding you... >>>> >>>> My dilemma, or rather my question, is this: Why have my other Gmail >>>> accounts, with no offline access activated, become openly accessible each >>>> time I open Mailplane? >>>> >>>> I have seven different Gmail accounts, three of which I frequently >>>> access, and one of these with the offline access enabled. >>>> >>>> As per your explanation, I can fully understand why my offline-enabled >>>> account no longer requires me to enter a password to access. >>>> >>>> But for the other two Gmail accounts, it makes no sense whatsoever as to >>>> why they are accessible without the usual password authentication anymore - >>>> since each account should be mutually exclusive of one another. >>>> >>>> For example: Each time I start Mailplane, it would open up the >>>> offline-enabled Gmail account. When I want to switch to another account, I >>>> would usually expect the pop-up dialog and ask me for the respective >>>> password (since it's the first time I'm accessing the account for this >>>> Mailplane session). But with the latest Beta, it no longer does this and, >>>> instead, goes to my account's inbox right away. >>>> >>>> Hope you understand where I am coming from, and what I'm trying to >>>> describe here. >>>> >>>> >>>> Cheers, >>>> Kinny >>>> >>>> >>>> >>>> >>>>> A stronger security measures for offline data needs to be implemented >>>>> by Google. Even if Mailplane would ask you for Username/Password and would >>>>> not store any cookies you could still access your offline data by using >>>>> Safari or any other WebKit browser. >>>>> >>>>> >>>>> For me, no other measures are needed. I have other personal data stored >>>>> in my Mac's account. No other user is using my Mac, and I have password >>>>> protected my account. >>>>> >>>>> Maybe you could share some details about your requirements. Do you have >>>>> some accounts that you use online only and are more sensitive than other >>>>> you >>>>> use offline? >>>>> >>>>> >>>>> >>>>> -- >>>>> Ruben >>>>> http://mailplaneapp.com/blog >>>>> http://www.twitter.com/Mailplane >>>>> >>>>> >>>>> >>>> >>>> >>>> >>> >>> >>> >> >> >> > > > -- > Ruben > http://mailplaneapp.com/blog > http://www.twitter.com/Mailplane > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "mailplaneapp" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/mailplaneapp?hl=en -~----------~----~----~----~------~----~------~--~---
