On Sat, Feb 26, 2011 at 11:21 PM, Riccardo Iaconelli <[email protected]>wrote:
> On Sunday 06 February 2011 22:47:07 guillermo berlin wrote: > > hi, > > I was reading the encryption proposals and I notice the usage of cookies > > to avoid typing passwords so many times, this is a great function but > > implies a security risk in mobile devices such smartphones because they > > can be stolen or lost and could give third parties access to information > > stored in our owncloud that we do not want to be seen by others. > > I think it will recommended or necessary to have a way to identify which > > devices are connected ( like a unique ID), and from the server > > administration panel can be added to a blacklist and so prevent access > > to information stored in the cloud that was visible from the mobile > > device by other people. > > I say this as a constructive comment, because the theft of mobile phones > > and other devices in my country are quite common and this may be a risk > > to the data stored on the servers if there is any option like many > > mobile applications that remember the username and password (which is a > > useful function that saves time especially in this type of device) > > Hi, > this is probably a good idea. I wonder if this doesn't pose any possible > security risks if you manage to spoof the cookie. > Hi all, >From the security standpoint , we could use a public key-private key mechanism ? Only if the mobile phone's public key is there with the server, will it allow the connection to be made. Granting access to new devices, and revoking access, is also very easy in this manner. -- regards ------- Kunal Ghosh Dept of Computer Sc. & Engineering. Sir MVIT Bangalore,India permalink: member.acm.org/~kunal.t2 <http://member.acm.org/%7Ekunal.t2> Blog:kunalghosh.wordpress.com Website:www.kunalghosh.net46.net
_______________________________________________ Owncloud mailing list [email protected] https://mail.kde.org/mailman/listinfo/owncloud
