Opened 3 years ago
Last modified 2 years ago
#2081 open defect
Local Susimail cache should be encrypted with user's password
Reported by: | Reportage | Owned by: | |
---|---|---|---|
Priority: | major | Milestone: | undecided |
Component: | apps/susimail | Version: | 0.9.32 |
Keywords: | susimail, login, unencrypted cache | Cc: | str4d |
Parent Tickets: | Sensitive: | no |
Description
Currently local mail cached by susimail is accessible and readable without
a password.. logging in to a known user's account in Susimail can be achieved
without supplying a password to read mail, or the local cache dir can be
accessed to read downloaded mails.
In the interests of security, offline mail should be encrypted and only
accessible via Susimail once the user has logged in with the correct password.
Change History (6)
comment:1 Changed 3 years ago by
Cc: | str4d added |
---|---|
Status: | new → open |
comment:2 Changed 3 years ago by
Milestone: | 0.9.33 → 0.9.35 |
---|
Not easy, no decisions yet, and won't happen for .33
comment:4 Changed 3 years ago by
Milestone: | 0.9.35 → 0.9.37 |
---|
nowhere on str4d's priority list, pushing out
comment:6 Changed 2 years ago by
Milestone: | 0.9.37 → undecided |
---|
Note: See
TracTickets for help on using
tickets.
Yeah, the cache files are mode 600 but you can supply any or no password to see them through the web UI. That's because the password is the POP server password, we don't persist or validate the password (or hash). We need the username for offline viewing to match it to the correct cache dir. You can set a separate user/password for the whole console (including susimail) on /configui .
So the susimail password form is at best misleading as user's expectations are probably that the password is necessary to view local mail.
Not sure if we want to go as far as local encryption - not even Thunderbird does that - but I wonder what i2pbote does, let's ask str4d. We've never encrypted anything on disk in the standard i2p package, we don't have a set of libs for that, and would have to select a particular encryption type and parameters. If we do decide to encrypt, that would be phase two.