Hi Simon, Thanks for your problem report. This bug has been corrected and it'll be released with 2.0.4: http://bit.ly/11DIF9
- About two or three weeks ago, the ClientLogin<http://code.google.com/apis/accounts/docs/AuthForInstalledApps.html>interface stopped to work for some users. - Affected users were getting "BadRequests" and time outs and were not able to open their inboxes. - When Mailplane 2.0.2 and 2.0.3 detected such a condition, it would bypass the ClientLogin and try to load the inbox. Mailplane stores cookies for each account in its application support folder and was able to proceed. Here's the solution (will be released with 2.0.4 and has already been released with 2.1-beta): - When Mailplane detects the ClientLogin problem it will: - If you have the login window open: Ask you if you like to use the "Sign In" Google page. If you yes, your cookies will be deleted and you'll get to the sign in page where the sign in is repeated. - If you have no login window open (automatically login): It'll will go to "Sign In" page (cookies deleted). - If you sign in for the background account notifications and you see no authentication dialog: It'll just try to read the RSS feed. If you like to try 2.0.4: http://bit.ly/11DIF9 I think this is a good compromise: 1. Accounts can only be accessed with proper authentication 2. The ClientLogin problem doesn't leave anybody stranded. Let me know how it works for you. On Thu, Feb 26, 2009 at 11:14 PM, Simon Pride <[email protected]> wrote: > > Mailplane v 2.0.3 Build 974 allows you to log into Gmail with an > incorrect password. I suspect that it is caching the password even > when it has been configured not to. Or maybe it's using the cookie > from an existing session in another browser? > > Steps to reproduce: > > Mailplane, Preferences, Accounts: > > Uncheck "Store password in keychain" > Uncheck "Automatically log in when needed" > > Close preferences > > (I do this on my work MacBook Pro because I do not want anyone to be > able to log into my Gmail except me. There are occasions when other > people have access to my computer and I don't want them to be able to > get to my private mail.) > > Quit Mailplane. > > Open Mailplane > > You are challenged to log in. In the email field in the login dialog > sheet, your gmail address should be filled in. Your password should be > blank. Below the Email and Password fields 'store password in keychain > should be blank and 'store password in keychain should be both > disabled and blank. > > Type an incorrect password into the 'Password' field and press login > > Expected behavior: your incorrect password is rejected. You are > invited to try again > > Observed behavior: your incorrect password is accepted and you are > logged into Gmail. > > > > This is a serious security glitch. Can you please look at this and see > where it's getting the login credentials from? > > Best > simon > > > > > > > > -- Ruben http://mailplaneapp.com/blog http://www.twitter.com/Mailplane --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "mailplaneapp" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/mailplaneapp?hl=en -~----------~----~----~----~------~----~------~--~---
