summaryrefslogtreecommitdiffstats
path: root/kio/kssl/SECURITY-HOLES
diff options
context:
space:
mode:
Diffstat (limited to 'kio/kssl/SECURITY-HOLES')
-rw-r--r--kio/kssl/SECURITY-HOLES17
1 files changed, 17 insertions, 0 deletions
diff --git a/kio/kssl/SECURITY-HOLES b/kio/kssl/SECURITY-HOLES
new file mode 100644
index 000000000..62b8e9ca7
--- /dev/null
+++ b/kio/kssl/SECURITY-HOLES
@@ -0,0 +1,17 @@
+List of known security holes in KDE's SSL implementation and HTTPS support in
+Konqueror.
+-----------------------------------------------------------------------------
+
+
+1) Caching should be done on a per-host basis, not per-certificate.
+
+2) Autocompletion in form fields in HTTPS mode will result in various fields
+such as pin numbers and possibly credit cards or other sensitive information
+being silently written to disk in some cases.
+
+
+3) Certificate revocation lists (CRLs) are not implemented. This should be
+done after 2.2.
+
+
+