[Shr-Devel] Security and PIM
frederik.sdun at googlemail.com
Wed Nov 10 21:09:02 CET 2010
Am Mittwoch, den 10.11.2010, 07:38 +0000 schrieb
captain.deadly at gmail.com:
> Hello all,
> I've a question. I'm currently looking at opimd code with a view to
> perhaps rewriting it in vala. That, as far as I know, was always on the list
> of things to do and as an education to myself I thought it might be a usefull
> exercise. I mean it's not critical as opimd is there and works well so it's a
> handy starter exercise.
> Anyhow whilst mulling over things in my head I remebered that in recent weeks
> Android was hit by the shocking revelation that some installed apps were
> transmitting Personal Data to remote parties. Then there was the further
> shocking info that the iPhone suffers from the same problem.
> I'm thinking that there ain't a whole pile you can do to secure PIM data,
> especially in an Open Source, implementation. That's what I'm thinking and
> I'll readily admit that I don't know squat about securing data. It seems to me
> that the first step to securing the data is saying that only the SHR supplied
> apps can access this data. That's not really good for choice which is one of
> the mail advantages of Open Systems. Even if you said that only SHR supplied
> apps could access this info if the apps source is readily available then
> you've achieved nothing.
> I've admitted that I know squat but is there anybody who can offer a clever
> idea which might be used to secure PIM data. I'm just curious.
> And don't mention that the phone runs as root at present so it ain't the most
> secure. That's another discussion that I know squat about. In the ideal world
> where the phone did not run as root how would you secure PIM. I suppose that
> might well be the answer different user id's. Hmm only user "pim" or group
> "pim" can read pim data. Still that probably curtails third party developers
> writing a really cool app. They'll have to be able to access PIM.
> Catch 22 you either have an open system that allows third party apps or you
> have secure data.
> Shr-devel mailing list
> Shr-devel at lists.shr-project.org
porting opimd to vala should be happen during the transisition to gdbus,
which is mandatory for opimd. opimd uses tuples/hashtables in value,
which cannot be de-/serialized with current glib value implementation.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 198 bytes
Desc: This is a digitally signed message part
More information about the Shr-devel