[dev] Horde admin patches.

Chris Bowlby excalibur at hub.org
Sun Jan 12 14:25:27 PST 2003


On Sun, 12 Jan 2003, Chris Shepherd wrote:

The company I work for (hub.org) does domain hosting, and we provide horde
to our clients so that they might have web access to their email,
filtering, spam assassin, calendering, etc.. As a result each client has a
database backend that stores all their data. The catch is that they can
use the SQL Shell to get a listing of all the databases's, which is
insecure. They can't gain access to them, but we've seen indications that
some where making the attempt to anyway. So I wanted to remove the means
with which they could gain access via Horde to get a list of other clients
database's... :>


> Jan Schneider wrote:
>
> >I have no problems applying this patch but I ask myself, why you want to
> >give admin access to people who might mess with the shells without knowing
> >what they're doing?
> >
> >Jan.
> >
> I was actually wondering the same thing. While the PHP and SQL shells
> are both a larger extertion of control over the system, the
> administration and configuration sections are there to configure the
> apps and permissions. It's unlike other pieces of software wherein you
> have a super admin who deals with that, and several sub-admins who do
> things like maintain data, keep permissions up to date, et. al..
>
> --
> Chris Shepherd
>
> "The early bird may get the worm, but the second mouse gets the cheese." -- Anonymous
> "Eagles may soar but weasels don't get sucked into jet engines." -- Anonymous
>
>
>
> --
> Horde developers mailing list
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: dev-unsubscribe at lists.horde.org
>

 Chris Bowlby,
 -----------------------------------------------------
 Manager of Information and Technology.
 excalibur at hub.org
 www.hub.org
 1-902-542-3657
 -----------------------------------------------------


More information about the dev mailing list