Author Topic: Security issue running client on VM  (Read 908 times)

Offline Thom

Not sure if this is an important issue or one being tested against, but thought I'd report it for the community's consideration.

In running the bts client on a Windows VirtualBox VM, if I suspend the VM with the bts client open and unlocked (I'm aware that's not a very smart thing to do) and resume it the next day, the client is still open and unlocked.

It would be better if the client came up in the locked state (require password) as soon as it can detect the delta time has exceeded the lockout time threshold.

When the VM is first resumed, the clock may reflect the time it was before it was suspended, at least for a few cycles. I'm not sure that's actually the case or if the btx app will be able to detect the gap and initiate the lockout state.

I'm not sure if or how this could be implemented, whether it's worth looking at, or whether it's practical to resolve this. As I said, it's not very smart to suspend a VM running an open and unlocked BitShares client, but if it's possible, practical and a small cost to implement, this is a security hole that would be nice to plug.
Injustice anywhere is a threat to justice everywhere - MLK |  Verbaltech2 Witness Reports: https://bitsharestalk.org/index.php/topic,23902.0.html
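
One way the lock-on-resume check described in the post above could work, as an added example that is not part of the original post and is not BitShares client code: the guard re-evaluates wall-clock time on every timer tick, so a clock that is still stale just after resume only delays the lock until the clock is corrected. The class name, the 3x tick tolerance, and the assumption that the guest's wall clock is corrected after resume are all hypothetical.

```cpp
#include <chrono>
#include <cstdint>

// Hypothetical auto-lock guard (names are assumptions, not BitShares client code).
// Times are wall-clock seconds, injected so the logic can be exercised offline.
class AutoLockGuard {
public:
    AutoLockGuard(int64_t timeout_s, int64_t tick_s, int64_t now_s)
        : timeout_s_(timeout_s), max_gap_s_(3 * tick_s),
          last_seen_s_(now_s), last_activity_s_(now_s) {}

    // Periodic timer callback. Returns true when the wallet is locked.
    bool on_tick(int64_t now_s) { return observe(now_s, false); }

    // User input. Returns true when the wallet is locked, in which case the
    // input must go to the password prompt instead of the wallet.
    bool on_activity(int64_t now_s) { return observe(now_s, true); }

    // Call only after the password has been verified.
    void unlock(int64_t now_s) {
        locked_ = false;
        last_seen_s_ = last_activity_s_ = now_s;
    }

    bool locked() const { return locked_; }

private:
    bool observe(int64_t now_s, bool activity) {
        const int64_t gap = now_s - last_seen_s_;       // since last observation
        const int64_t idle = now_s - last_activity_s_;  // since last user input
        last_seen_s_ = now_s;
        // Fail closed: a backwards clock, a jump far larger than the tick
        // interval (suspend/resume), or an expired idle timeout all lock.
        if (gap < 0 || gap > max_gap_s_ || idle >= timeout_s_) locked_ = true;
        // Input never resets the idle timer once a lock condition was seen.
        if (activity && !locked_) last_activity_s_ = now_s;
        return locked_;
    }

    int64_t timeout_s_, max_gap_s_, last_seen_s_, last_activity_s_;
    bool locked_ = false;
};

// Wall-clock source for real use (assumption: the guest corrects it after resume).
inline int64_t wall_now_s() {
    using namespace std::chrono;
    return duration_cast<seconds>(system_clock::now().time_since_epoch()).count();
}
```

The gap check matters because the first event after resume may be a keystroke rather than a timer tick; without it, that keystroke would reset the idle timer and the client would stay unlocked.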