Re: oauth2 support for Emacs email clients

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: oauth2 support for Emacs email clients

From:	Alexandre Garreau
Subject:	Re: oauth2 support for Emacs email clients
Date:	Wed, 11 Aug 2021 08:37:36 +0200

Le mardi 10 août 2021, 17:56:58 CEST David Engster a écrit :
> >> Well, you could just use Thunderbird's. It's all right here:
> >> 
> >> https://github.com/mozilla/releases-comm-central/blob/master/mailnews
> >> /base/src/OAuth2Providers.jsm
> >> 
> >> You shouldn't though, because that could get you in trouble.
> >> 
> >> While all this stuff is essentially security theatre, good luck
> >> explaining that to your IT security department...
> > 
> > I explained to my IT administrator that I'd like to use Emacs for
> > email. Others should too.  There's no shame in it. :-)
> 
> That's not what I meant. Your administrators might think that they have
> only allowed Thunderbird to access IMAP, while in reality they have
> whitelisted everything, because you can trivially copy the client-ID and
> -secret from Thunderbird's source. That's what I mean with "security
> theatre" - everyone's just sticking to the script.

If there is a trivial, secure and documented way of “whitelisting” some 
app from network, it means they would have a way to verify the secret, 
hence it would be somewhat trivial to get in not from sources but from the 
binaries of many programs as well, I believe u.u

[Prev in Thread]

Current Thread

[Next in Thread]

Re: oauth2 support for Emacs email clients, (continued)

Prev by Date: Re: Easy configuration of a site-lisp directory
Next by Date: Re: Adding new packages to NonGNU ELPA
Previous by thread: Re: oauth2 support for Emacs email clients
Next by thread: Re: oauth2 support for Emacs email clients
Index(es):
- Date
- Thread