[horde] Horde and WebVPN/SSLVPN Problem

horde@utheissen.dyndns.org horde at utheissen.dyndns.org
Mon Jul 3 15:45:31 PDT 2006


Sometimes one reads rtfm in lists ... I want to say here think first to
your reply, Chuck.
Why do you think forms wouldn't work... I didn't write anything about
that - as I didn't find any
problem with them. So specially for you I had a look why this works: the
form uses action="compose.php?uniq=...
so the the relative path /horde/imp which was rewritten to
/http/0/172.16.0.253/horde/imp was used to
send the actual email.

To do this test, I patched the applicationUrl-Function in order to
rewrite an URL if the request comes from a
certain IP - which then brakes other functions and doesn't help for
everything.


But as I wrote before I don't want to start  a holy war about the
different possibilities
to implement certain functions. I don't mind what technique is used as
long as it is portable
flexible and open for new technologies as WebVPN/SSLVPN.

So my question again: Does anyone have a solution for my problem or do
the developer know a
workaround without a lot of patching?

I donn't think that I am the only one who might wan't to improve the
security using WEBVPN/SSLVPN
as Cisco deploys it widely in its IOS-Routers 870series and higher, ASA
and VPN-Concentrators.
Also openssl-based systems are available and as far as I know work quiet
similar.

Ulrich
Chuck Hagenbuch wrote:
> Quoting horde at utheissen.dyndns.org:
>
>> And you could also say - from a security point of view - that a front
>> end that uses ANY popups, frames or Javascript menus while all this
>> can be done without it using them is
>
> Forms? No hrefs there, unless you encapsulate all of your forms in
> javascript - oops, but you already called that crap.
>
> -chuck
>
> --"we are plastered to the windshield of the bus that is time." - Chris
> --Horde mailing list - Join the hunt: http://horde.org/bounties/#horde
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>



More information about the horde mailing list