Jan Harkes <jaharkes_at_cs.cmu.edu> writes:

> On Thu, May 05, 2016 at 10:49:19AM -0400, Greg Troxel wrote:
>> Last I looked, there was the possibility of some fs data to travel
>> unencrypted if it was not associated with a logged-in user. This is in
>> my view totally not ok.
>
> It is encrypted but there is no shared secret between the client and the
> server during the connection setup handshake, so the session key is
> encrypted with a commonly known 'null key'. If you capture the INIT2
> packet from the server to the client you can trivially decrypt it and
> get the session key.
>
> But.. why would anybody go through that amount of trouble if he can
> connect to the server without authentication himself and get those same
> files anyway? Clearly their ACL must allow System:AnyUser access,
> otherwise the user would have had to be logged-in.

Perhaps. But my security model involves the notion of limiting access
entirely to an authorized set, and I'd like that to be super clear.
Perhaps that's a coda config setting that denies all unauthenticated access.

Received on 2016-05-05 12:59:47