On Sunday 06 February 2011 22:47:07 guillermo berlin wrote: > hi, > I was reading the encryption proposals and I notice the usage of cookies > to avoid typing passwords so many times, this is a great function but > implies a security risk in mobile devices such smartphones because they > can be stolen or lost and could give third parties access to information > stored in our owncloud that we do not want to be seen by others. > I think it will recommended or necessary to have a way to identify which > devices are connected ( like a unique ID), and from the server > administration panel can be added to a blacklist and so prevent access > to information stored in the cloud that was visible from the mobile > device by other people. > I say this as a constructive comment, because the theft of mobile phones > and other devices in my country are quite common and this may be a risk > to the data stored on the servers if there is any option like many > mobile applications that remember the username and password (which is a > useful function that saves time especially in this type of device)
Hi, this is probably a good idea. I wonder if this doesn't pose any possible security risks if you manage to spoof the cookie. Bye, -Riccardo
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Owncloud mailing list [email protected] https://mail.kde.org/mailman/listinfo/owncloud
