From 5159cd2beb2e87806a5b54e9991b7895285c9d3e Mon Sep 17 00:00:00 2001
From: Timothy Pearson <kb9vqf@pearsoncomputing.net>
Date: Sun, 27 Jan 2013 01:04:16 -0600
Subject: Rename a number of libraries and executables to avoid conflicts with
 KDE4

---
 tdeio/kssl/SECURITY-HOLES | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 tdeio/kssl/SECURITY-HOLES

(limited to 'tdeio/kssl/SECURITY-HOLES')

diff --git a/tdeio/kssl/SECURITY-HOLES b/tdeio/kssl/SECURITY-HOLES
new file mode 100644
index 000000000..62b8e9ca7
--- /dev/null
+++ b/tdeio/kssl/SECURITY-HOLES
@@ -0,0 +1,17 @@
+List of known security holes in KDE's SSL implementation and HTTPS support in
+Konqueror.
+-----------------------------------------------------------------------------
+
+
+1)  Caching should be done on a per-host basis, not per-certificate.
+
+2)  Autocompletion in form fields in HTTPS mode will result in various fields
+such as pin numbers and possibly credit cards or other sensitive information
+being silently written to disk in some cases.
+
+
+3)  Certificate revocation lists (CRLs) are not implemented.  This should be
+done after 2.2.
+
+
+
-- 
cgit v1.2.1