[horde] Securing horde access with PHP header() function

Vilius Šumskas vilius at lnk.lt
Fri Feb 3 03:13:35 PST 2006


Łukasz Wojciechowski <lukas at pronet.lublin.pl> rašė:

> Vilius Šumskas napisał(a):
>> Łukasz Wojciechowski <lukas at pronet.lublin.pl> rašė:
>>
>>
>>> Hello
>>>
>>> In my environment I have specific requirements (suphp in apache) and I
>>> want to use Imp.
>>>
>>> If set static redirection like:
>>> header( "http://MyHostName/horde/imp" );
>>>
>>> in Horde main index file:
>>> /horde/indx.php
>>>
>>> Is this the right way (secure) to cut-off access to Horde Admin Panel ?
>>
>>
>> If you want to use only IMP and to disable access to all other
>> applications, set authentification to "application" and choose IMP.
> This is not 100% solution.
> When I set authentication to "application" and application to "imp" Im
> redirected from "horde/" to "horde/imp" but after I log in I can
> manipulate url and I can get into horde by typing "/horde/index.php"

Ordinary users can't get into admin panel by typing /horde/index.php.  
They will be redirected to portal (or imp). Admin panel is viewable  
only for users who are described in horde conf.php file  
$conf['admins'] array (if I remember correctly).

-- 
   Best Regards,

   Vilius Šumskas
   LNK TV system administrator
   mob.: +370 614 75713
   http://www.lnk.lt



More information about the horde mailing list