Thanks, Reuben, I'll grab the build you reference, for work.
On Feb 27, 1:45 am, Ruben Bakker <[email protected]> wrote:
> Hi Simon,
> Thanks for your problem report.
> This bug has been corrected and it'll be released with
> 2.0.4:http://bit.ly/11DIF9
>
> - About two or three weeks ago, the
> ClientLogin<http://code.google.com/apis/accounts/docs/AuthForInstalledApps.html>interface
> stopped to work for some users.
> - Affected users were getting "BadRequests" and time outs and were not
> able to open their inboxes.
> - When Mailplane 2.0.2 and 2.0.3 detected such a condition, it would
> bypass the ClientLogin and try to load the inbox. Mailplane stores cookies
> for each account in its application support folder and was able to proceed.
>
> Here's the solution (will be released with 2.0.4 and has already been
> released with 2.1-beta):
>
> - When Mailplane detects the ClientLogin problem it will:
> - If you have the login window open: Ask you if you like to use the
> "Sign In" Google page. If you yes, your cookies will be deleted
> and you'll
> get to the sign in page where the sign in is repeated.
> - If you have no login window open (automatically login): It'll will
> go to "Sign In" page (cookies deleted).
> - If you sign in for the background account notifications and you see
> no authentication dialog: It'll just try to read the RSS feed.
>
> If you like to try 2.0.4:http://bit.ly/11DIF9
>
> I think this is a good compromise:
>
> 1. Accounts can only be accessed with proper authentication
> 2. The ClientLogin problem doesn't leave anybody stranded.
>
> Let me know how it works for you.
>
>
>
> On Thu, Feb 26, 2009 at 11:14 PM, Simon Pride <[email protected]> wrote:
>
> > Mailplane v 2.0.3 Build 974 allows you to log into Gmail with an
> > incorrect password. I suspect that it is caching the password even
> > when it has been configured not to. Or maybe it's using the cookie
> > from an existing session in another browser?
>
> > Steps to reproduce:
>
> > Mailplane, Preferences, Accounts:
>
> > Uncheck "Store password in keychain"
> > Uncheck "Automatically log in when needed"
>
> > Close preferences
>
> > (I do this on my work MacBook Pro because I do not want anyone to be
> > able to log into my Gmail except me. There are occasions when other
> > people have access to my computer and I don't want them to be able to
> > get to my private mail.)
>
> > Quit Mailplane.
>
> > Open Mailplane
>
> > You are challenged to log in. In the email field in the login dialog
> > sheet, your gmail address should be filled in. Your password should be
> > blank. Below the Email and Password fields 'store password in keychain
> > should be blank and 'store password in keychain should be both
> > disabled and blank.
>
> > Type an incorrect password into the 'Password' field and press login
>
> > Expected behavior: your incorrect password is rejected. You are
> > invited to try again
>
> > Observed behavior: your incorrect password is accepted and you are
> > logged into Gmail.
>
> > This is a serious security glitch. Can you please look at this and see
> > where it's getting the login credentials from?
>
> > Best
> > simon
>
> --
> Rubenhttp://mailplaneapp.com/bloghttp://www.twitter.com/Mailplane
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"mailplaneapp" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/mailplaneapp?hl=en
-~----------~----~----~----~------~----~------~--~---
