Thanks, Ruben. I see that 2.0.4 is released so I'll upgrade to that. Great stuff!
Thanks again Simon On Feb 27, 1:45 am, Ruben Bakker <[email protected]> wrote: > Hi Simon, > Thanks for your problem report. > This bug has been corrected and it'll be released with > 2.0.4:http://bit.ly/11DIF9 > > - About two or three weeks ago, the > ClientLogin<http://code.google.com/apis/accounts/docs/AuthForInstalledApps.html>interface > stopped to work for some users. > - Affected users were getting "BadRequests" and time outs and were not > able to open their inboxes. > - When Mailplane 2.0.2 and 2.0.3 detected such a condition, it would > bypass the ClientLogin and try to load the inbox. Mailplane stores cookies > for each account in its application support folder and was able to proceed. > > Here's the solution (will be released with 2.0.4 and has already been > released with 2.1-beta): > > - When Mailplane detects the ClientLogin problem it will: > - If you have the login window open: Ask you if you like to use the > "Sign In" Google page. If you yes, your cookies will be deleted > and you'll > get to the sign in page where the sign in is repeated. > - If you have no login window open (automatically login): It'll will > go to "Sign In" page (cookies deleted). > - If you sign in for the background account notifications and you see > no authentication dialog: It'll just try to read the RSS feed. > > If you like to try 2.0.4:http://bit.ly/11DIF9 > > I think this is a good compromise: > > 1. Accounts can only be accessed with proper authentication > 2. The ClientLogin problem doesn't leave anybody stranded. > > Let me know how it works for you. > > > > On Thu, Feb 26, 2009 at 11:14 PM, Simon Pride <[email protected]> wrote: > > > Mailplane v 2.0.3 Build 974 allows you to log into Gmail with an > > incorrect password. I suspect that it is caching the password even > > when it has been configured not to. Or maybe it's using the cookie > > from an existing session in another browser? > > > Steps to reproduce: > > > Mailplane, Preferences, Accounts: > > > Uncheck "Store password in keychain" > > Uncheck "Automatically log in when needed" > > > Close preferences > > > (I do this on my work MacBook Pro because I do not want anyone to be > > able to log into my Gmail except me. There are occasions when other > > people have access to my computer and I don't want them to be able to > > get to my private mail.) > > > Quit Mailplane. > > > Open Mailplane > > > You are challenged to log in. In the email field in the login dialog > > sheet, your gmail address should be filled in. Your password should be > > blank. Below the Email and Password fields 'store password in keychain > > should be blank and 'store password in keychain should be both > > disabled and blank. > > > Type an incorrect password into the 'Password' field and press login > > > Expected behavior: your incorrect password is rejected. You are > > invited to try again > > > Observed behavior: your incorrect password is accepted and you are > > logged into Gmail. > > > This is a serious security glitch. Can you please look at this and see > > where it's getting the login credentials from? > > > Best > > simon > > -- > Rubenhttp://mailplaneapp.com/bloghttp://www.twitter.com/Mailplane --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "mailplaneapp" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/mailplaneapp?hl=en -~----------~----~----~----~------~----~------~--~---
