Opened 14 years ago
Closed 14 years ago
#7190 closed enhancement (duplicate)
webpositive security issue non prompted file downloads
Reported by: | stargatefan | Owned by: | leavengood |
---|---|---|---|
Priority: | normal | Milestone: | R1 |
Component: | Applications/WebPositive | Version: | R1/alpha2 |
Keywords: | Cc: | ||
Blocked By: | Blocking: | #7319 | |
Platform: | All |
Description
webpositive will automatically download files without asking for user consent. This is a big security issue that needs fixing before beta/hrev1.
fortunately is was only a windows self executable so no harm was inccured by someday someone may right a virus for haiku.
Change History (4)
follow-up: 2 comment:1 by , 14 years ago
Type: | bug → enhancement |
---|
comment:2 by , 14 years ago
Replying to axeld:
Unless attributes are resurrected (which isn't possible), downloading a file can never be a security issue. Only what you do with such a file can become one.
I haven't tested it, but in most cases, WebPositive should always just download files without asking again (after you clicked on that link).
actually I have seen a bunch of non user intiated file downloads, things like pop.swf and other stuff. In fact yesterday I watched the webpositive allow for a unprompted download of a known windows scareware program.
I don't worry to much becuase there isn't much out there that could infect haiku or beos thanx to the small user base, but someday it could be a problem.
comment:3 by , 14 years ago
http://dev.haiku-os.org/ticket/7319
my ticket is a much more poorly defined version of the behavior of the ticket above. I suggest closing this one as it is a duplicate and the ticket above better describes the behavior I am seeing.
comment:4 by , 14 years ago
Blocking: | 7319 added |
---|---|
Resolution: | → duplicate |
Status: | new → closed |
Closing as a duplicate of #7319. Thanks stargatefan
Unless attributes are resurrected (which isn't possible), downloading a file can never be a security issue. Only what you do with such a file can become one.
I haven't tested it, but in most cases, WebPositive should always just download files without asking again (after you clicked on that link).