Re: [Passwordsafe-devel] Semi-automatic update option?
Popular easy-to-use and secure password manager
Brought to you by:
ronys
Menu
▾
▴
Re: [Passwordsafe-devel] Semi-automatic update option?
|
From: Karl S. <kar...@ho...> - 2007-09-17 14:17:47
|
Along those lines... I use sourceforge's built in File Release RSS feed: http://sourceforge.net/export/rss2_projfiles.php?group_id=41019 or the news feed: http://sourceforge.net/export/rss2_projnews.php?group_id=41019 It would be pretty easy to add an "Alert me" for new files or news. My vote would be for "Alert me" off by default. And have the Alert be configurable "Check once every X days" You'd have to store locally...Wwhen the last alert was read, and when the last (RSS) check occurred. The only risk is, if the RSS feed changes location. -Karl >From: "dk" <dk...@gm...> >To: <ro...@ac...>, <pas...@li...> >Subject: Re: [Passwordsafe-devel] Semi-automatic update option? >Date: Sun, 16 Sep 2007 08:07:53 +0100 >MIME-Version: 1.0 >Received: from lists-outbound.sourceforge.net ([66.35.250.225]) by >bay0-mc3-f16.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Sun, >16 Sep 2007 00:06:52 -0700 >Received: from sc8-sf-list2-new.sourceforge.net >(sc8-sf-list2-new-b.sourceforge.net [10.3.1.94])by >sc8-sf-spam2.sourceforge.net (Postfix) with ESMTPid 203D2FCFD; Sun, 16 Sep >2007 00:06:52 -0700 (PDT) >Received: from sc8-sf-mx1-b.sourceforge.net >([10.3.1.91]helo=mail.sourceforge.net)by sc8-sf-list2-new.sourceforge.net >with esmtp (Exim 4.43)id 1IWoDN-0008FG-3s for >pas...@li...;Sun, 16 Sep 2007 00:06:45 -0700 >Received: from ug-out-1314.google.com ([66.249.92.175])by >mail.sourceforge.net with esmtp (Exim 4.44) id 1IWoDO-00064r-EKfor >pas...@li...;Sun, 16 Sep 2007 00:06:50 -0700 >Received: by ug-out-1314.google.com with SMTP id m2so668168ugefor ><pas...@li...>;Sun, 16 Sep 2007 00:06:45 -0700 >(PDT) >Received: by 10.66.219.2 with SMTP id r2mr5639338ugg.1189926404961;Sun, 16 >Sep 2007 00:06:44 -0700 (PDT) >Received: from kelvinhome ( [81.86.114.146])by mx.google.com with ESMTPS id >y7sm5899537ugc.2007.09.16.00.06.42(version=SSLv3 cipher=RC4-MD5); Sun, 16 >Sep 2007 00:06:42 -0700 (PDT) >X-Message-Delivery: Vj0zLjQuMDt1cz0wO2k9MDtsPTA7YT0w >X-Message-Info: >veEQNzk+IXs3oPcNYI0hjfC2egG0gOhQlnGLSsq3iZ/79V+up8DEX564ejy+7epZXPgi4dXPeAjGMV245k9YLg== >References: <001e01c7f78d$b84c5c50$0d00640a@LYDIA> >X-Mailer: Microsoft Office Outlook 11 >Thread-Index: Acf3jQtlyxvFzKV4Sr659p3XzfirMQAoUe4g >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138 >X-Spam-Score: 0.0 (/) >X-Spam-Report: Spam Filtering performed by sourceforge.net.See >http://spamassassin.org/tag/ for more details.Report problems >tohttp://sf.net/tracker/?func=add&group_id=1&atid=2000010.0 RCVD_BY_IP > Received by mail server with no name >X-BeenThere: pas...@li... >X-Mailman-Version: 2.1.8 >Precedence: list >List-Id: Develpoment-related issues for the PasswordSafe OS >project<passwordsafe-devel.lists.sourceforge.net> >List-Unsubscribe: ><https://lists.sourceforge.net/lists/listinfo/passwordsafe-devel>,<mailto:pas...@li...?subject=unsubscribe> >List-Archive: ><http://sourceforge.net/mailarchive/forum.php?forum_name=passwordsafe-devel> >List-Post: <mailto:pas...@li...> >List-Help: ><mailto:pas...@li...?subject=help> >List-Subscribe: ><https://lists.sourceforge.net/lists/listinfo/passwordsafe-devel>,<mailto:pas...@li...?subject=subscribe> >Errors-To: pas...@li... >Return-Path: pas...@li... >X-OriginalArrivalTime: 16 Sep 2007 07:06:52.0804 (UTC) >FILETIME=[28AF3C40:01C7F830] > >Actually, I would prefer this wasn't implemented (see PS below) but if it >were, I am OK with Rony's restrictions and Greg's addition: > >".... with an option (disabled by default) to automatically check for >updates once a week" - although I would make the time period a user >configurable number of days, weeks or even an option of whenever first >started on a day. > >However, I don't think PWS should either display the URL to be able to >download it or offer to do so! The user should just be informed that there >is a new version and then they can download it as they would normally using >whatever precautions they want/would normally use. > >David > >PS. Personally, I use a free utility from the web called Webmon >(http://www.btinternet.com/~markwell/webmon/), where I set it up to go >check >for changes at all the sites I am interested it. I can use it to check >single sites or all and to specify the exact start & end strings of the >content to check i.e. latest version number of PWS! > > >-----Original Message----- >From: pas...@li... >[mailto:pas...@li...] On Behalf Of >ronys >Sent: 15 September 2007 12:44 >To: pas...@li... >Subject: [Passwordsafe-devel] Semi-automatic update option? > >Hi, > >Users have been asking for an automatic update mechanism for PasswordSafe, >so I've begun thinking on how to implement it: > >I've never liked applications that take the liberty of connecting a server >without asking me, to check for updates and who knows what else. So here's >how I'd go about it for PasswordSafe: > >- The Help->About dialog would have a "check for update" button. This >button >will initiate a connection (described in a minute) IF AND ONLY IF there's >no >"open" database, that is, there's no sensitive data in the application's >memory. My main worry here is that an attacker can do a man-in-the-middle >attack and find some kind of exploit (e.g., buffer overflow) to access and >download sensitive data. > >- The update button will open a hardcoded URL, something like >"https://passwordsafe.sf.net/latest.txt" This will have the version >information for the latest & greatest, and a URL for downloading it. > >- I'm wondering if it's worth adding signature verification capability, so >that the downloaded version can be verified as authentic. On one hand, this >is easily subverted if the attacker replaces the victim's original version >with one that fakes the validity check, on the other hand, if the attacker >can do this, then the attacker can already do what he wants with the user's >data, so the validity check is the least of his worries... > >I'd be very happy to get comments/criticism/suggestions on the above. > > Cheers, > > Rony > > >------------------------------------------------------------------------- >This SF.net email is sponsored by: Microsoft Defy all challenges. >Microsoft(R) Visual Studio 2005. >http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ >_______________________________________________ >Passwordsafe-devel mailing list >Pas...@li... >https://lists.sourceforge.net/lists/listinfo/passwordsafe-devel > > >------------------------------------------------------------------------- >This SF.net email is sponsored by: Microsoft >Defy all challenges. Microsoft(R) Visual Studio 2005. >http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ >_______________________________________________ >Passwordsafe-devel mailing list >Pas...@li... >https://lists.sourceforge.net/lists/listinfo/passwordsafe-devel _________________________________________________________________ A place for moms to take a break! http://www.reallivemoms.com?ocid=TXT_TAGHM&loc=us |
