Handling of private/confidential groupware objects
Martin Konold
martin.konold at erfrakon.de
Mon Jan 23 23:29:14 CET 2006
Am Montag, 23. Januar 2006 09:58 schrieb Bernhard Reiter:
Hi,
> This cannot be guarenteed as long as clients can set the ACL
> of all the folders. A user _could_ set the ACL of the hidden folder
> differently. Or do you think that we should add more protection
> to the imapd implementation then?
Well, if users shoot themself in the foot we cannot prevent them from doing so
in the good old unix tradition. Though we could apply "self healing"
semantics to the Kolab clients which can "fix" the wrong ACLs.
IMHO trying to prevent intentional shooting the foot will in the end require
TPM like architectures.
I don't think we want to go this route and therefore don't buy your argument
why my proposal is either impractical or insecure.
Regards,
-- martin
--
http://www.erfrakon.com/
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
More information about the format
mailing list