[Tickets #5892] Re: Linked attachment feature vulnerability
bugs at bugs.horde.org
bugs at bugs.horde.org
Sat Nov 17 18:43:28 UTC 2007
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=5892
-----------------------------------------------------------------------
Ticket | 5892
Updated By | joao_mauricio at clix.pt
Summary | Linked attachment feature vulnerability
Queue | IMP
Version | HEAD
Type | Bug
State | Feedback
Priority | 2. Medium
Owners |
-----------------------------------------------------------------------
joao_mauricio at clix.pt (2007-11-17 10:43) wrote:
What is needed is not an unique id, it's a secret and unique id.. on gmail,
for example, each rcpt receives an unique and secret id in his url,
including the sender. A timestamp concatenated with a pseudo-random id, or
something like that may be a solution.
> Besides that we already have such an (pseudo) unique id, the
> timestamp, how would that help? The attacker, which would be the
> sender, would send the message to himself anyway.
More information about the bugs
mailing list