[dev] default backends

Vilius Šumskas vilius at lnk.lt
Tue Feb 15 18:07:39 UTC 2011


Hello,

Tuesday, February 15, 2011, 7:47:02 PM, you wrote:

> Not to mention the security concerns.  We ship a configuration default
> that we think makes sense, and it turns out that it opens a security  
> hole on my particular installation.

That's a very good point. Imagine that I'm an admin and I have a backend
configured with my secret username and password. Suddenly, Horde
developers change the 'hostname' key of the config array to 'host'.
Boom, your installation ends up logging into a completely different
server. Even if it points to 'example.com' I don't want the password
transmitted through the internet.

Maybe some kind of configuration file versioning/prioritizing could
help here?

--
Best regards,
 Vilius
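
The failure mode raised in this message, shown as an added example that is not part of the original e-mail or of Horde's code: a local override written against the old 'hostname' key is silently merged with shipped defaults that now use 'host'. The function name `mergeBackendConfig`, the other config keys and all values are hypothetical and constructed for illustration.

```php
<?php
// Constructed sample: shipped defaults after the 'hostname' -> 'host' rename.
$shippedDefaults = [
    'host'     => 'example.com',
    'port'     => 993,
    'username' => null,
    'password' => null,
];

// Constructed sample: an admin's local file still using the old key name.
$localOverride = [
    'hostname' => 'mail.internal.test',
    'username' => 'admin',
    'password' => 'secret',
];

// Naive merge: the stale 'hostname' entry is carried along but never read,
// so 'host' keeps the shipped default while the local credentials apply.
$naive = array_merge($shippedDefaults, $localOverride);
echo "naive merge would send credentials to: {$naive['host']}\n";

// Hypothetical strict merge: fail closed instead of falling back to defaults.
function mergeBackendConfig(array $defaults, array $local): array
{
    // Any local key the defaults do not define is treated as a renamed or
    // mistyped key and rejected, rather than ignored.
    $unknown = array_diff_key($local, $defaults);
    if ($unknown) {
        throw new InvalidArgumentException(
            'Unknown backend config keys: ' . implode(', ', array_keys($unknown))
        );
    }
    // Credentials set locally must come with a locally set host.
    $hasCredentials = isset($local['username']) || isset($local['password']);
    if ($hasCredentials && !isset($local['host'])) {
        throw new InvalidArgumentException(
            'Credentials are set locally but host is inherited from defaults'
        );
    }
    return array_merge($defaults, $local);
}

try {
    mergeBackendConfig($shippedDefaults, $localOverride);
} catch (InvalidArgumentException $e) {
    echo "strict merge refused: {$e->getMessage()}\n";
}
```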


