[Security] Can save something without the password
Bug #1386072 reported by
londumas
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Pasaffe |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
1/ Change an info or create a new entry and don't save
2/ Do nothing and wait for the application to ask you your password again or to quit.
3/ Choose to quit. The app ask you to leave and not save, to leave and save or to cancel.
4/ Choose to quit and save. You are not asked the password again, but you are changing the database.
This is a security issue since without the password you change the database.
Thank you again for the cool app.
To post a comment you must log in.
I don't see how this is a security issue. The only data that gets saved is the data that was modified _while_ the application was unlocked.
There are two alternatives: 1- forcing the user to enter their password again to unlock before being able to quit the application, or 2- allowing the application to be closed without saving the changes.
I don't really like either of those two solutions, and I think allowing the save while the application is locked to be acceptable, so I'm not going to be changing this behaviour.