Results 1 to 4 of 4
  1. spotter's Avatar
    Posts
    316 Posts
    Global Posts
    327 Global Posts
       #1  
    It seems there's a security hole in regards to private records. Namely, that not all apps that palm ships respect the tag.

    i.e. mark a contact private. you wont be able to search for them in contact list.

    however, go to sms and now try to send them a text, their info will come up.

    This is on a Sprint Treo 700p upgraded to the 755p firmware.

    I know the private tag doesn't provide good security, but it seems sort of pointless to even have it when the information leaks in such a way.
  2. #2  
    Just tried it and the same thing happens with my Alltel 755p.

    A friend of mine at BH had told me this, that there was a security hole...but I didn't know exactly what it meant. He said his wife's company wouldn't allow her to get a Centro because of it.
  3. #3  
    This is not a "hole." Just the way PalmOS was designed, or in this case, the Messaging application.

    As the PalmOS API reminds us, it is for the (client) application to determine if some "records" are private and treat them as required (show them, grey them out or hide them).

    The records themselves are stored as-is without any encryption or obfuscation, so it is entirely possible to open a PalmOS database and read its contents.
  4. spotter's Avatar
    Posts
    316 Posts
    Global Posts
    327 Global Posts
       #4  
    I'll repeat what I said

    I know the private tag doesn't provide good security, but it seems sort of pointless to even have it when the information leaks in such a way.
    I should have replaced good with "real". I know how the tag is designed, my comment was on the pointless nature of it if apps palm itself includes go around it.

Posting Permissions