[horde] Security related.

Anant Athavale asa at isac.gov.in
Wed May 23 10:26:43 UTC 2007


Quoting Chuck Hagenbuch <chuck at horde.org>:

> Quoting Anant Athavale <asa at isac.gov.in>:
>
>>> Nope. He's just using VB like a browser. He can't do anything you
>>> can't do from a browser.
>>
> >> but how is the session maintained?
>
> Either by passing the cookie or by putting the session id in the URL.
> You can disable URL-based sessions if it's the latter and you don't
> mind requiring your users to enable cookies.

We have the following settings in conf.php for Horde.

$conf['session']['name'] = 'Horde';
$conf['session']['use_only_cookies'] = true;
$conf['session']['cache_limiter'] = 'nocache';
$conf['session']['timeout'] = 0;
$conf['sessionhandler']['type'] = 'none';

>
>> It was in my sent mail.  I do not know how it was missed on the list.
>> Attaching again.
>
> The list allows a very limited set of attachment types to prevent spam.

I attached the files again after changing the extension of the file.
It was sent to the list successfully.  Can I prevent him from sending
mails by changing any of the parameters listed above?  I feel that
sending mails should not have worked since I use cookies.  But he is
able to send mails.

Regards,
Anant.


>
> -chuck



Regards,

Anant Athavale.
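
Added example, not part of the original message and not Horde's code: a small Python model of the two ways Chuck says the session id can arrive (cookie or URL), showing what `use_only_cookies` changes for each. The session id, user name, request path and the helper `resolve_session` are constructed for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit

SESSION_NAME = "Horde"                    # $conf['session']['name'] in the message
ACTIVE_SESSIONS = {"c0ffee1234": "asa"}   # constructed session id -> user


def resolve_session(url, headers, use_only_cookies=True):
    """Return (user, source) for a request, or (None, None).

    Hypothetical model of a PHP-style session lookup. The User-Agent
    header is never read: only the session id decides the outcome.
    """
    jar = SimpleCookie(headers.get("Cookie", ""))
    sid = source = None
    if SESSION_NAME in jar:
        # Session id sent in the Cookie header
        sid, source = jar[SESSION_NAME].value, "cookie"
    elif not use_only_cookies:
        # URL-based session: the id travels as ?Horde=<sid>
        values = parse_qs(urlsplit(url).query).get(SESSION_NAME)
        if values:
            sid, source = values[0], "url"
    user = ACTIVE_SESSIONS.get(sid)
    return (user, source) if user else (None, None)


def demo():
    """Run constructed requests through the model and collect the results."""
    cookie = {"Cookie": "Horde=c0ffee1234"}
    url_with_id = "/send?Horde=c0ffee1234"
    return {
        "browser, cookie": resolve_session(
            "/send", {**cookie, "User-Agent": "Mozilla/5.0"}),
        "script, cookie": resolve_session(
            "/send", {**cookie, "User-Agent": "custom-client"}),
        "url id, cookies only": resolve_session(url_with_id, {}),
        "url id, url allowed": resolve_session(
            url_with_id, {}, use_only_cookies=False),
        "unknown id": resolve_session("/send", {"Cookie": "Horde=deadbeef"}),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:22} -> {result}")
```

In this model, `use_only_cookies` only closes the URL path for the session id; a client that presents a valid cookie resolves to the same session whether it is a browser or a program.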