Cocoa mail archive
Re: Anybody using Pantomime or mail-core framework?
FROM : Andrew Farmer
DATE : Thu May 15 23:17:45 2008
On 13 May 08, at 17:40, Matt Burnett wrote:
> Now your talking about hackers instead of spammers. It is hard to
> sniff a HTTP session, you have to penetrate your victim's network
> enough to be able to do so.
You're assuming that the application is only ever used in a trusted
environment, which is unlikely to be the case. If an attacker can
download a copy of the application, there is no way to prevent them
from reusing credentials which are embedded in it.
DATE : Thu May 15 23:17:45 2008
On 13 May 08, at 17:40, Matt Burnett wrote:
> Now your talking about hackers instead of spammers. It is hard to
> sniff a HTTP session, you have to penetrate your victim's network
> enough to be able to do so.
You're assuming that the application is only ever used in a trusted
environment, which is unlikely to be the case. If an attacker can
download a copy of the application, there is no way to prevent them
from reusing credentials which are embedded in it.
| Related mails | Author | Date |
|---|---|---|
| Anybody using Pantomime or mail-core framework? |
vinitha | May 12, 13:25 |
| Re: Anybody using Pantomime or mail-core framework? |
Omar Qazi | May 13, 07:57 |
| Re: Anybody using Pantomime or mail-core framework? |
Jens Alfke | May 13, 08:07 |
| Re: Anybody using Pantomime or mail-core framework? |
Omar Qazi | May 13, 08:16 |
| Re: Anybody using Pantomime or mail-core framework? |
Matt Burnett | May 14, 01:35 |
| Re: Anybody using Pantomime or mail-core framework? |
Jens Alfke | May 14, 01:45 |
| Re: Anybody using Pantomime or mail-core framework? |
Matt Burnett | May 14, 02:40 |
| Re: Anybody using Pantomime or mail-core framework? |
Jens Alfke | May 14, 02:48 |
| Re: Anybody using Pantomime or mail-core framework? |
Andrew Farmer | May 15, 23:17 |
