On 23/10/09 21:00 +0200, Udo Spallek wrote:
> 
> On Friday, 23.10.2009, 20:12 +0200, Hartmut Goebel wrote:
> > Tobias Paepke wrote:
> > 
> > > I agree with hartmut to force the encryption of the client-server
> > > connection. These users should not have the option to decide to run
> > > tryton unencrypted.
> > You misunderstood me here: I'm not talking about enforcing SSL. I say:
> > *if* SSL is enabled on the server side, the user must not have a choice
> > and the client must verify the server certificate.
> 
> But here the problem is that the client user can choose the connection.
> So the intruder sends him a mail, that the client needs a new connection
> to the server for some administrative reason... after this the client
> user is ripped off.
> 
> For this we need a client option, that restricts the manual entry of the
> connection parameters (server, port). With this only the parameters from
> the client.conf are allowed (server, port, certificate, authority),
> which is hopefully read-only for the client system user.
Tryton is GPL software, so this gives the user the right to change it. So any kind of attempt to restrict the user is impossible.

-- 
Cédric Krier
B2CK SPRL
Rue de Rotterdam, 4
4000 Liège
Belgium
Tel: +32 472 54 46 59
Email: [email protected]
Jabber: [email protected]
Website: http://www.b2ck.com/
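The policy argued over in the thread, as an added example that is neither Tryton's code nor any participant's: a client that accepts only the server and port pinned in a read-only client.conf and always verifies the server certificate against the configured authority, so a "please reconnect to this other server" mail cannot redirect it. The [connection] section, its keys, the sample file and the function names are assumptions made for illustration.

```python
# Added example: client-side pinning of server, port and CA from a
# read-only client.conf. Not Tryton's code; section/key names, the
# sample config and the function names are hypothetical.
import configparser
import socket
import ssl

# Constructed sample client.conf (hypothetical layout). On a deployed
# machine this file would be owned by root and unwritable by the user.
SAMPLE_CLIENT_CONF = """
[connection]
server = tryton.example.org
port = 8000
authority = /etc/tryton/ca.pem
"""


def load_policy(conf_text):
    """Parse the pinned endpoint and CA bundle out of client.conf text."""
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    section = cp["connection"]
    return {
        "server": section["server"].strip().lower(),
        "port": section.getint("port"),
        "authority": section.get("authority"),
    }


def endpoint_allowed(policy, host, port):
    """True only for the exact host:port pinned in the policy.

    Anything typed by hand (or pasted from a 'please reconnect' mail)
    that differs from client.conf is rejected, so the user cannot be
    talked into pointing the client at an attacker's server.
    """
    return host.strip().lower() == policy["server"] and int(port) == policy["port"]


def build_ssl_context(authority):
    """TLS context that always verifies the server certificate.

    PROTOCOL_TLS_CLIENT already implies CERT_REQUIRED and hostname
    checking; both are set explicitly so the intent is visible. When
    `authority` is None the platform trust store is used instead.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    if authority:
        ctx.load_verify_locations(cafile=authority)
    else:
        ctx.load_default_certs()
    return ctx


def open_connection(policy, host, port, timeout=10):
    """Connect only to the pinned endpoint, over verified TLS."""
    if not endpoint_allowed(policy, host, port):
        raise PermissionError(
            "refusing %s:%s; client.conf only allows %s:%d"
            % (host, port, policy["server"], policy["port"])
        )
    ctx = build_ssl_context(policy["authority"])
    raw = socket.create_connection((policy["server"], policy["port"]), timeout)
    # server_hostname drives SNI and the hostname check against the cert.
    return ctx.wrap_socket(raw, server_hostname=policy["server"])


if __name__ == "__main__":
    policy = load_policy(SAMPLE_CLIENT_CONF)
    print(endpoint_allowed(policy, "tryton.example.org", 8000))
    print(endpoint_allowed(policy, "tryton.example.net", 8000))
```

The check only helps as far as the user cannot edit client.conf or the client itself, which is exactly the limit raised in the reply above: it raises the bar against a phishing mail, not against a user who deliberately replaces the program.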