]
Andrew Oliver closed JBMAIL-251.
--------------------------------
Fix Version/s: (was: 1.0-M5)
(was: 1.0-RC1)
Resolution: Won't Fix
Assignee: (was: Andrew Oliver)
WebMail LoginView RememberME Functionality
------------------------------------------
Key: JBMAIL-251
URL:
http://jira.jboss.com/jira/browse/JBMAIL-251
Project: JBoss Mail ** Closed - moved to
http://buni.org **
Issue Type: Patch
Security Level: Public(Everyone can see)
Components: WebMail
Affects Versions: 1.0-M2, 1.0-M3, 1.0-M4, 1.0-M5, 1.0-RC1
Reporter: David Fuelling
Priority: Minor
Attachments: LoginView_patch.mxml.java, LoginView_patch.mxml.java
When a user logs into the webmail, he/she can click the "Remember Me" checkbox
and have the Flash webmail application remember his username/password information. The
functionality to do this has been implemented with this patch, by leveraging the Flash
Shared Object feature (which acts like a browser cookie) to store the login credentials
for later use.
It is unknown what the security implications of this are. Flash Shared Objects are
stored to disk in a specified user directory. In WinXP, for example, this directory is
not accessible unless you are logged in as an admin or the designated user (same for Unix,
I assume). So, even if the uid/password are un-encrypted on disk, this may not be a
security concern.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: