[Security] Can save something without the password
Bug #1386072 reported by
londumas
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Pasaffe |
Won't Fix
|
Undecided
|
Unassigned | ||
Bug Description
1/ Change an info or create a new entry and don't save
2/ Do nothing and wait for the application to ask you your password again or to quit.
3/ Choose to quit. The app ask you to leave and not save, to leave and save or to cancel.
4/ Choose to quit and save. You are not asked the password again, but you are changing the database.
This is a security issue since without the password you change the database.
Thank you again for the cool app.
Revision history for this message
| Marc Deslauriers (mdeslaur) wrote | #1 |
| information type: | Private Security → Public Security |
| Changed in pasaffe: | |
| status: | New → Won't Fix |
Revision history for this message
| londumas (helion331990) wrote Re: [Bug 1386072] Re: [Security] Can save something without the password | #2 |
To post a comment you must log in.
I don't see how this is a security issue. The only data that gets saved is the data that was modified _while_ the application was unlocked.
There are two alternatives: 1- forcing the user to enter their password again to unlock before being able to quit the application, or 2- allowing the application to be closed without saving the changes.
I don't really like either of those two solutions, and I think allowing the save while the application is locked to be acceptable, so I'm not going to be changing this behaviour.