Re: [sqwebmail] gpg - decrypted msgs in tmp dir - Laurent Wacrenier - net.sourceforge.lists.courier-sqwebmail

3 messages in net.sourceforge.lists.courier-sqwebmailRe: [sqwebmail] gpg - decrypted msgs ...

From	Sent On	Attachments
Matus Hrusovsky	Feb 22, 2005 7:41 am
Laurent Wacrenier	Feb 22, 2005 8:22 am
Matus Hrusovsky	Feb 22, 2005 10:06 am

	Permalink for this message Paste this link in email or IM:
	Permalink for this thread Paste this link in email or IM:
	Atom feed for this thread Paste this URL into your reader:

Subject:	Re: [sqwebmail] gpg - decrypted msgs in tmp dir	Actions...
From:	Laurent Wacrenier (lw...@teaser.fr)
Date:	Feb 22, 2005 8:22:32 am
List:	net.sourceforge.lists.courier-sqwebmail

Le Mar 22 fév 16:41:46 2005, Matus Hrusovsky écrit:

After logout from sqw, there are still decrypted messagess in $MAILDIR/tmp directory. They are deleted not after logout but after next login procedure, this is very insecure. Anyway, is there any reason to write decrypted msg to tmp dir ?

As far I've seen, it's needed to avoid multiple decryptions of the same file.

IMHO, this way its broking all security needs for using gpg.

Files in the mailbox hve to be readable by the user only.

As the user private keys are stored uncrypted, any user with read access to the mailbox is already able to decrypt the messages parts.

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets
	Permalink to these results Paste this link in email or IM:
	Atom feed for tracking future search results Paste this URL into your reader: