Opened 3 years ago
Last modified 2 years ago
#1910 assigned defect
Separate password caches for I2P-Bote WebUI and IMAP
| Reported by: | str4d | Owned by: | str4d |
|---|---|---|---|
| Priority: | minor | Milestone: | undecided |
| Component: | apps/plugins | Version: | 0.9.28 |
| Keywords: | I2P-Bote security | Cc: | |
| Parent Tickets: | Sensitive: | no |
Description
The IMAP API as originally implemented uses the same internal password cache for logging in as the WebUI. This has the side-effect of the WebUI being unlocked while a mail client is authenticated with IMAP, which is unintuitive and unlikely to match user expectations.
The password cache system should be extended with independent authentication contexts.
Subtickets
Change History (2)
comment:1 Changed 3 years ago by
| Owner: | set to str4d |
|---|---|
| Status: | new → assigned |
| Version: | → 0.9.28 |
comment:2 Changed 2 years ago by
Note: See
TracTickets for help on using
tickets.
Migrated to https://github.com/i2p/i2p.i2p-bote/issues - I will close these tickets as things are resolved rather than right now, but please make future comments on GitHub?.