Local Susimail cache should be encrypted with user's password
Opened 3 years ago
Last modified 3 years ago
#2081opendefect
Local Susimail cache should be encrypted with user's password
Reported by:ReportageOwned by: Priority: major Milestone: undecided Component: apps/susimail Version: 0.9.32 Keywords: susimail, login, unencrypted cache Cc: str4d Parent Tickets:
Sensitive: no
Description
Currently local mail cached by susimail is accessible and readable without
a password.. logging in to a known user's account in Susimail can be achieved
without supplying a password to read mail, or the local cache dir can be
accessed to read downloaded mails.
In the interests of security, offline mail should be encrypted and only
accessible via Susimail once the user has logged in with the correct password.