Rename a number of libraries and executables to avoid conflicts with KDE4

author: Timothy Pearson <kb9vqf@pearsoncomputing.net> 2013-01-27 01:04:16 -0600
committer: Timothy Pearson <kb9vqf@pearsoncomputing.net> 2013-01-27 01:04:16 -0600
commit: 5159cd2beb2e87806a5b54e9991b7895285c9d3e (patch)
tree: 9b70e8be47a390f8f4d56ead812ab0c9dad88709 /tdeio/kssl/SECURITY-HOLES
parent: c17cb900dcf52b8bd6dc300d4f103392900ec2b4 (diff)
download: tdelibs-5159cd2beb2e87806a5b54e9991b7895285c9d3e.tar.gz
tdelibs-5159cd2beb2e87806a5b54e9991b7895285c9d3e.zip
1 files changed, 17 insertions, 0 deletions
diff --git a/tdeio/kssl/SECURITY-HOLES b/tdeio/kssl/SECURITY-HOLES
new file mode 100644
index 000000000..62b8e9ca7
--- /dev/null
+++ b/tdeio/kssl/SECURITY-HOLES
@@ -0,0 +1,17 @@
+List of known security holes in KDE's SSL implementation and HTTPS support in
+Konqueror.
+-----------------------------------------------------------------------------
+
+
+1)  Caching should be done on a per-host basis, not per-certificate.
+
+2)  Autocompletion in form fields in HTTPS mode will result in various fields
+such as pin numbers and possibly credit cards or other sensitive information
+being silently written to disk in some cases.
+
+
+3)  Certificate revocation lists (CRLs) are not implemented.  This should be
+done after 2.2.
+
+
+
author	Timothy Pearson <kb9vqf@pearsoncomputing.net>	2013-01-27 01:04:16 -0600
committer	Timothy Pearson <kb9vqf@pearsoncomputing.net>	2013-01-27 01:04:16 -0600
commit	5159cd2beb2e87806a5b54e9991b7895285c9d3e (patch)
tree	9b70e8be47a390f8f4d56ead812ab0c9dad88709 /tdeio/kssl/SECURITY-HOLES
parent	c17cb900dcf52b8bd6dc300d4f103392900ec2b4 (diff)
download	tdelibs-5159cd2beb2e87806a5b54e9991b7895285c9d3e.tar.gz tdelibs-5159cd2beb2e87806a5b54e9991b7895285c9d3e.zip