[Shr-Devel] Security and PIM
morphis at gravedo.de
Wed Nov 10 10:04:47 CET 2010
On 10.11.2010 09:46, pespin.shar at gmail.com wrote:
> 2010/11/10 <captain.deadly at gmail.com>
>> Hello all,
>> I've a question. I'm currently looking at opimd code with a view to
>> perhaps rewriting it in vala. That, as far as I know, was always on the
>> of things to do and as an education to myself I thought it might be a
>> exercise. I mean it's not critical as opimd is there and works well so it's
>> handy starter exercise.
>> Anyhow whilst mulling over things in my head I remembered that in recent
>> Android was hit by the shocking revelation that some installed apps were
>> transmitting Personal Data to remote parties. Then there was the further
>> shocking info that the iPhone suffers from the same problem.
>> I'm thinking that there ain't a whole pile you can do to secure PIM data,
>> especially in an Open Source implementation. That's what I'm thinking and
>> I'll readily admit that I don't know squat about securing data. It seems to
>> that the first step to securing the data is saying that only the SHR
>> apps can access this data. That's not really good for choice which is one
>> the main advantages of Open Systems. Even if you said that only SHR
>> apps could access this info if the apps source is readily available then
>> you've achieved nothing.
> great thing about open source operating systems (meaning no privative
> apps/parts running on it) is that you have actually total control on what's
> running there. You can review each program to see if it's using your
> information/data in an undesired way, and decide whether to install it or
> not. That's a great advantage we have over Android and iPhone.
> So, we must keep running only open source programs (which we know don't
> contain malware) to be sure nothing unknown is happening under the hood ;)
> Cracking from networks such as wifi or gsm and similar sploits are another
> subject, which we should think about too.
I would even like to see some security mechanism for fsopimd. Maybe like
Twitter did it already with client applications with OAuth
(http://oauth.net/) so you have to grant each access to several DBus
interface paths before one application can access it.
The best place should be some component which can secure general dbus
access for all applications (maybe a fsopolicyd).
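
Added example, not part of the original post and not SHR or FSO code: a default-deny grant table of the kind the message proposes, where a user must grant an application access to a D-Bus interface and object path before a call is let through. The application ids, the `org.example.PIM` names and the `GrantTable` class are constructed for illustration; how the caller is identified on the bus is assumed to be solved elsewhere.

```python
import re

# D-Bus object path syntax: "/" or one or more "/element" parts,
# each element made of [A-Za-z0-9_] only, no trailing slash.
_OBJECT_PATH = re.compile(r"^/$|^(/[A-Za-z0-9_]+)+$")


def covers(granted: str, requested: str) -> bool:
    """True if `requested` is `granted` itself or an object below it.

    Matching is done on whole path elements, so a grant for
    /a/Contacts does not leak to /a/ContactsBackup.
    """
    if granted == "/":
        return True
    return requested == granted or requested.startswith(granted + "/")


class GrantTable:
    """Default-deny table of per-application (interface, path) grants."""

    def __init__(self):
        self._grants = {}  # app id -> set of (interface, object path)

    def grant(self, app: str, interface: str, path: str) -> None:
        if not _OBJECT_PATH.match(path):
            raise ValueError("not a valid D-Bus object path: %r" % path)
        self._grants.setdefault(app, set()).add((interface, path))

    def revoke(self, app: str) -> None:
        self._grants.pop(app, None)

    def is_allowed(self, app: str, interface: str, path: str) -> bool:
        # Malformed paths are rejected before any grant is consulted.
        if not _OBJECT_PATH.match(path):
            return False
        return any(iface == interface and covers(p, path)
                   for iface, p in self._grants.get(app, ()))


# Constructed sample: one app granted access to contacts only.
table = GrantTable()
table.grant("contacts-ui", "org.example.PIM.Contacts", "/org/example/PIM/Contacts")
```
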