[jboss-jira] [JBoss JIRA] Updated: (JBMAIL-251) WebMail LoginView RememberME Functionality
David Fuelling (JIRA)
jira-events at jboss.com
Wed Oct 4 09:08:41 EDT 2006
[ http://jira.jboss.com/jira/browse/JBMAIL-251?page=all ]
David Fuelling updated JBMAIL-251:
----------------------------------
Attachment: LoginView_patch.mxml.java
The patch to enable "remember me" functionality for the Webmail Flash application.
> WebMail LoginView RememberME Functionality
> ------------------------------------------
>
> Key: JBMAIL-251
> URL: http://jira.jboss.com/jira/browse/JBMAIL-251
> Project: JBoss Mail
> Issue Type: Patch
> Security Level: Public(Everyone can see)
> Components: WebMail
> Affects Versions: 1.0-M4, 1.0-M3, 1.0-M2, 1.0-M5, 1.0-RC1, 1.0-final
> Reporter: David Fuelling
> Assigned To: Andrew Oliver
> Priority: Minor
> Fix For: 1.0-M5, 1.0-RC1, 1.0-final
>
> Attachments: LoginView_patch.mxml.java
>
>
> When a user logs into the webmail, he/she can click the "Remember Me" checkbox and have the Flash webmail application remember his username/password information. The functionality to do this has been implemented with this patch, by leveraging the Flash Shared Object feature (which acts like a browser cookie) to store the login credentials for later use.
> It is unknown what the security implications of this are. Flash Shared Objects are stored to disk in a specified user directory. In WinXP, for example, this directory is not accessible unless you are logged in as an admin or the designated user (same for Unix, I assume). So, even if the uid/password are un-encrypted on disk, this may not be a security concern.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list