Opened 14 years ago

Closed 14 years ago

#7190 closed enhancement (duplicate)

webpositive security issue non prompted file downloads

Reported by: stargatefan Owned by: leavengood
Priority: normal Milestone: R1
Component: Applications/WebPositive Version: R1/alpha2
Keywords: Cc:
Blocked By: Blocking: #7319
Platform: All

Description

webpositive will automatically download files without asking for user consent. This is a big security issue that needs fixing before beta/hrev1.

fortunately is was only a windows self executable so no harm was inccured by someday someone may right a virus for haiku.

Change History (4)

comment:1 by axeld, 14 years ago

Type: bugenhancement

Unless attributes are resurrected (which isn't possible), downloading a file can never be a security issue. Only what you do with such a file can become one.

I haven't tested it, but in most cases, WebPositive should always just download files without asking again (after you clicked on that link).

in reply to:  1 comment:2 by stargatefan, 14 years ago

Replying to axeld:

Unless attributes are resurrected (which isn't possible), downloading a file can never be a security issue. Only what you do with such a file can become one.

I haven't tested it, but in most cases, WebPositive should always just download files without asking again (after you clicked on that link).

actually I have seen a bunch of non user intiated file downloads, things like pop.swf and other stuff. In fact yesterday I watched the webpositive allow for a unprompted download of a known windows scareware program.

I don't worry to much becuase there isn't much out there that could infect haiku or beos thanx to the small user base, but someday it could be a problem.

comment:3 by stargatefan, 14 years ago

http://dev.haiku-os.org/ticket/7319

my ticket is a much more poorly defined version of the behavior of the ticket above. I suggest closing this one as it is a duplicate and the ticket above better describes the behavior I am seeing.

comment:4 by korli, 14 years ago

Blocking: 7319 added
Resolution: duplicate
Status: newclosed

Closing as a duplicate of #7319. Thanks stargatefan

Note: See TracTickets for help on using tickets.