[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Anybody using Pantomime or mail-core framework?

Subject: Re: Anybody using Pantomime or mail-core framework?
From: Jens Alfke <email@hidden>
Date: Tue, 13 May 2008 16:45:30 -0700
Delivered-to: email@hidden
Delivered-to: email@hidden


On 13 May '08, at 4:35 PM, Matt Burnett wrote:

Its not hard to enable HTTP authentication.

It's also not hard to eavesdrop on the HTTP session using tcpdump, or to debug or disassemble the app to recover the password. In other words, putting a shared secret into an application distributed to end-users is not secure.

Probably not a realistic fear in this particular case, but there are many, many instances of web scripts like this being abused to send spam, so I don't think I'm being overly paranoid :)

—Jens

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/cocoa-dev/email@hidden

This email sent to email@hidden

Follow-Ups:
- Re: Anybody using Pantomime or mail-core framework?
  - From: Matt Burnett <email@hidden>

References:
	>Anybody using Pantomime or mail-core framework? (From: email@hidden)
	>Re: Anybody using Pantomime or mail-core framework? (From: Omar Qazi <email@hidden>)
	>Re: Anybody using Pantomime or mail-core framework? (From: Jens Alfke <email@hidden>)
	>Re: Anybody using Pantomime or mail-core framework? (From: Matt Burnett <email@hidden>)

Prev by Date: Re: Create NSStrings from a mapped NSData object - safe?
Next by Date: Re: How to deal with property and Undo?
Previous by thread: Re: Anybody using Pantomime or mail-core framework?
Next by thread: Re: Anybody using Pantomime or mail-core framework?
Index(es):
- Date
- Thread

Home