You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
tdelibs/kio/kssl/SECURITY-HOLES

18 lines
538 B

List of known security holes in KDE's SSL implementation and HTTPS support in
Konqueror.
-----------------------------------------------------------------------------
1) Caching should be done on a per-host basis, not per-certificate.
2) Autocompletion in form fields in HTTPS mode will result in various fields
such as pin numbers and possibly credit cards or other sensitive information
being silently written to disk in some cases.
3) Certificate revocation lists (CRLs) are not implemented. This should be
done after 2.2.