#93 Critical unauthorized delete in view only mode

Milestone: v1.0_(example)
Status: closed-wont-fix
Owner: None
Priority: 5
Updated: 2014-10-28
Created: 2014-06-19
Creator: Achraf52
Private: No

The XCA database can be opened without inputting the db password by clicking the cancel button, the database owner should have an option to disable this feature.

Also, when viewing a database without the password, the user can DELETE the private keys and other stuff without the password, which could cause critical losses in case of unauthorized database access.

I believe the delete feature should ask for the password first; password-free access should only allow viewing the contents of the database.

Discussion

  • It is not a feature, but reflects the effective permission.
    The user may delete or view items via XCA because he has file-access permissions. He could do the same without XCA with a hex editor, just less comfortably.
    He could also easily delete the whole database with Windows File Explorer.
    If you want security, restrict access to the database at the file-system/operating-system level.
    Any of your proposals would only increase the "sensed security" while hiding the permission issue.
    Because of the "open-without-password" behavior, people start thinking about the protection of the XCA database file, as you did, which is generally good.

  • Achraf52
    2014-06-19

    Thank you for your reply to my bug report; I do agree with your thoughts and I've changed my mind about my above piece of advice.

    Please give me some ideas on how I can protect the database file at the OS and file-system level; if possible, also refer me to open-source software that can do this under Windows. I really want a reliable way to prevent unauthorized database deletion.

  • I'm not very familiar with Microsoft Windows, but Google pointed me to this: http://technet.microsoft.com/en-us/library/bb727008.aspx

    You need different Windows logins. Only those people allowed to access the database should log in with the same Windows username.

    • status: open --> closed-wont-fix
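The maintainer's advice above is to protect the database file with operating-system permissions rather than with an in-application password prompt. The following PowerShell script is an added example written for this ticket; it is not part of XCA and not something the maintainer posted. It assumes a placeholder database path ($DbPath) and a placeholder Windows account name ($OwnerAccount); it replaces the file's NTFS ACL so that only that account can modify or delete the file, and then lists the resulting entries so the result can be checked.

```powershell
# Added example, not XCA project code. Locks an XCA database file with an
# NTFS ACL so that only one Windows account can write to or delete it.
# Both values below are placeholders; substitute your own.
$DbPath       = 'C:\Users\alice\Documents\xca.xdb'   # placeholder path
$OwnerAccount = "$env:COMPUTERNAME\alice"            # placeholder account

$acl = Get-Acl -Path $DbPath

# Stop inheriting entries from the parent folder and discard the inherited
# ones, so that the rules set below are the only ones that apply to the file.
$acl.SetAccessRuleProtection($true, $false)

# Drop any explicit entries that already exist, to start from a clean list.
foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }

# Grant the owning account full control (includes Write and Delete).
$ownerRule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
    -ArgumentList $OwnerAccount, 'FullControl', 'Allow'
$acl.AddAccessRule($ownerRule)

# Optional: a second account that may only read the file. 'Read' does not
# include Write or Delete, so that account cannot remove keys from the file
# even though XCA will open it without the password.
# $viewerRule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
#     -ArgumentList "$env:COMPUTERNAME\bob", 'Read', 'Allow'
# $acl.AddAccessRule($viewerRule)

Set-Acl -Path $DbPath -AclObject $acl

# Verify: only the accounts added above should appear, none inherited.
(Get-Acl -Path $DbPath).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
    Format-Table -AutoSize
```

Two caveats a practitioner should keep in mind: the script must run from an account that has the right to change the file's permissions (typically the current owner or an administrator), and NTFS also allows a file to be deleted by anyone holding "Delete subfolders and files" on the containing folder, so the folder's ACL has to be restricted as well if the goal is to prevent unauthorized deletion. This implements the same point the maintainer makes: the protection lives in the operating-system permission, not in XCA.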