[Pidgin] #9571: Security issue for shared or public computer users
Pidgin
trac at pidgin.im
Tue Jun 30 09:11:39 EDT 2009
#9571: Security issue for shared or public computer users
--------------------------+-------------------------------------------------
Reporter: phamthanhnam | Owner: rekkanoryo
Type: defect | Status: new
Milestone: | Component: unclassified
Version: 2.5.7 | Resolution:
Keywords: |
--------------------------+-------------------------------------------------
Description changed by phamthanhnam:
Old description:
> In my opinion, Pidgin is good for many home users who have their own
> computers, but it is not suited for public computer users who use the
> same user account (as guest) on a computer yet.
> We can see this situation in Internet cafés, exhibitions, hotels,
> airports, libraries, classrooms, etc... With default configuration,
> Pidgin logs all messages and conversations of all accounts without
> notification to users and these messages and conversations are not
> encrypted. Any user can easily view others' private messages even when
> they have already logged off, and any curious malefactor can easily turn
> on logging to trap others. The same manner when I borrow a computer from
> someone or lend someone my computer for a moment. This seems to be a
> security issue.
> So, for support better users in a shared public environment, I suggest to
> add an option "Temporary Account" or something when creating a new
> account. Users using computers that ain't their own will choose this
> option. This temporary account will not memorize or log any private
> information and will be auto-deleted when user logs out.
New description:
In my opinion, Pidgin is good for many home users who have their own
computers, but it is not suited for public computer users who use the same
user account (as guest) on a computer yet.
We can see this situation in Internet cafés, exhibitions, hotels,
airports, libraries, classrooms, etc... With default configuration, Pidgin
logs all messages and conversations of all accounts without notification
to users and these messages and conversations are not encrypted. Any user
can easily view others' private messages even when they have already
logged off, and any curious malefactor can easily turn on logging to trap
others. The same manner when I borrow a computer from someone or lend
someone my computer for a moment. This seems to be a security issue.[[BR]]
So, for support better users in a shared public environment, I suggest to
add an option "Temporary Account" or something when creating a new
account. Users using computers that ain't their own will choose this
option. This temporary account will not memorize or log any private
information and will be auto-deleted when user logs out.
--
--
Ticket URL: <http://developer.pidgin.im/ticket/9571#comment:1>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list