[horde] Horde ALWAYS perceiving the domain as example.com regardless of configuration

jblank at twu.net
Thu Oct 14 09:44:57 UTC 2010


I could understand it saving many things in the session cookie[s]... 
however, server-side settings like 'where to send an email to' are not 
among them. It seems quite odd that this particular setting is stored or 
cached anywhere on the client end... Are you sure about that?

This opens up the possibility that, if a user-side cookie can tell the 
server who to email, then by manipulating this token, Horde can be used as 
a spam gateway. (Of course, presumably the user would have to have an 
account on the Horde-running system to even get to an email form... 
right?)

On Thu, 14 Oct 2010, lst_hoe02 at kwsoft.de wrote:

> Quoting jblank at twu.net:
>
>> Addendum to the below: I reloaded the page after not touching it for a 
>> while, and now it perceives the conf settings correctly.
>> 
>> I am quite confused.
>> 
>> Could config settings be being cached somewhere, so that it would be 
>> possible for config changes to take some time to 'stick'?
>
> PHP-Cache?
> And yes, the values are stored in the session; you have to logout/login.
>
> Regards
>
> Andreas
>
>

