[horde] Security related.
asa at isac.gov.in
Thu May 17 06:05:05 UTC 2007
One of my colleagues is developing an application in VB. He says he
is able to send an email to a person without logging in through a
browser (he is sending the login parameters to the HTTP server directly
and later sending the compose.php parameters directly through VB). He
came to me saying, "I am unable to attach any files using this
method," and hence I came to know about this.
In our setup, we do not want such a thing to work. We have already
set up a firewall to prevent direct connectivity to port 25 (mail port)
on the mail server. Actually, we have locked from_address to prevent
forged mails. Can he escape this check if he uses this method?
What steps do you recommend to prevent this?
We are using all the latest stable releases of HORDE 3.1.
I am attaching the two PHP files, using which he is sending mails.
My requirement is that nobody should be able to log in or send mails through
any external application. How do I achieve this?
Waiting for an early reply.
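
The behaviour described in the message above (a client posting compose.php parameters directly instead of going through the browser form) can be looked for in the web server's access log. The following is an added example, not part of the original post and not Horde code: a heuristic that flags clients which POST to compose.php without having requested the page with GET first. The log format (Apache combined), the /horde/ paths and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Apache "combined" format; paths and addresses are assumed.
SAMPLE_LOG = """\
192.0.2.10 - - [17/May/2007:06:00:01 +0000] "POST /horde/login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.10 - - [17/May/2007:06:00:09 +0000] "GET /horde/imp/compose.php?to=a HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [17/May/2007:06:01:30 +0000] "POST /horde/imp/compose.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
192.0.2.77 - - [17/May/2007:06:02:00 +0000] "POST /horde/login.php HTTP/1.1" 302 0 "-" "-"
192.0.2.77 - - [17/May/2007:06:02:01 +0000] "POST /horde/imp/compose.php HTTP/1.1" 200 812 "-" "-"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)

def find_direct_compose_posts(log_text, page="compose.php"):
    """Return {client_ip: [user_agent, ...]} for clients that POSTed to
    `page` without an earlier GET of the same page in the log."""
    fetched_form = set()          # clients that loaded the compose form
    suspects = defaultdict(list)  # clients that posted without loading it
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not in combined format
        path = m["path"].split("?", 1)[0]  # drop the query string
        if not path.endswith("/" + page):
            continue
        ip = m["ip"]
        if m["method"] == "GET":
            fetched_form.add(ip)
        elif m["method"] == "POST" and ip not in fetched_form:
            suspects[ip].append(m["agent"])
    return dict(suspects)

if __name__ == "__main__":
    for ip, agents in find_direct_compose_posts(SAMPLE_LOG).items():
        print(f"{ip}: {len(agents)} direct POST(s) to compose.php, agents={agents}")
```

This is a detection aid for review of the logs only; grouping by client address is coarse, so clients behind a shared proxy need a session identifier instead.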