[Cross-posted to mozilla.dev.apps.thunderbird; followups redirected there] Nathanael Hoyle wrote: > > Greetings all, > > I want to make sure that there is not some capability which I am > currently missing to tell Thunderbird not to cache/store emails or spool > information on the local disk (this obviously makes most sense with IMAP > servers and other servers that store the email server-side). > > Ideally, solid disk/filesystem encryption makes this mostly a non-issue, > but this is not always possible. I would like to be able to access email > without leaving copies of email subjects or bodies cached anywhere on > the local disk. Failing that, I would like to be able to securely > encrypt them at the application-layer. The emails are being retrieved > across an IMAPS encrypted IMAP session, so transport 'should' be secure, > and the paging/swapfile is turned completely off on the system to avoid > the possibility of sensitive information being cached from memory on disk. > > First off, is there currently a way to do this that I'm missing?
So far as I'm aware, there is currently no way to do this. > Assuming that there is not, does anyone have an idea roughly what the > level of effort involved in creating this capability is? Is this do-able > with a plugin, or would it require changes to the base source tree? > > I am prepared to dive into coding the changes myself if need be, but > dislike re-inventing working wheels where they already exist. I suspect this is going to be at least a moderate amount of work, if not more and would probably require changes to the base source tree. It's conceivable that you could get a some part of the way there by overriding the various XPCOM messsage-db components, though. I'm hoping David Bienvenu will see this in m.d.a.thunderbird and chime in as well, as I'm sure he has a better feel for the scope than I do. Dan _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
