[horde] Clarification of "User is not authorized for imp"
Michael M Slusarz
slusarz at horde.org
Tue Jul 30 04:36:12 UTC 2013
Quoting Kareem Dana <kareem.dana at gmail.com>:
> I just installed a fresh horde 5.1.2 and imp 6.1.3. Imp is configured to
> handle authentication and imp connects to dovecot. If I directly go to the
> url http://192.168.1.5/horde/imp, Horde redirects me to horde/login.php and
> shows the standard login page, but it also throws up the following well
> known error in the logs:
>
> Jul 28 20:46:44 test1 HORDE: User is not authorized for imp [pid 21092 on
> line 267 of "/usr/local/share/pear/Horde/Registry.php"]
And this is correct. DON'T do this. There is a single login page for
Horde. An access to any other page is an indication that a user is
trying to access Horde services - so without proper authentication
credentials set, this is obviously a potential security issue and
needs to be logged (since there is no way to differentiate between a
user "accidentally" visiting an permission protected page vs. an
attacker scanning for vulnerabilities).
michael
___________________________________
Michael Slusarz [slusarz at horde.org]
More information about the horde
mailing list