[horde] Security related.
Anant Athavale
asa at isac.gov.in
Wed May 23 15:02:30 UTC 2007
Quoting Chuck Hagenbuch <chuck at horde.org>:
> Quoting Anant Athavale <asa at isac.gov.in>:
>
>> I attached the files again after changing the extension of the file.
>> It was sent to the list successfully.
>
> Those looked like you viewed source on the login and compose screens
> and saved them from your browser - I'm not sure what we can learn from
> them?
What I understood from the user was, he is calling these two php
scripts from his VB code. These are nothing but the source code
generated for login screen and compose screen (as you mentioned above).
So, after this correspondence, I feel it should not a security risk.
But, if anybody can emulate and confirm, it will be very good.
Thanks for your support.
Regards,
Anant.
>
>> Can I prevent him from sending mails by changing any of the
>> parameters listed above? I feel the sending mails should not have
>> worked since I use cookies. But he is able to send mails.
>
> Cookies are just something else to handle in the HTTP connection, and
> not a very hard one - just another step.
>
> -chuck
> --
> Horde mailing list - Join the hunt: http://horde.org/bounties/#horde
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>
Regards,
Anant Athavale.
More information about the horde
mailing list