[horde] Clarification of "User is not authorized for imp"
Simon B
simon.buongiorno at gmail.com
Tue Jul 30 15:23:01 UTC 2013
On 30 Jul 2013 17:07, "Michael M Slusarz" <slusarz at horde.org> wrote:
>
> Quoting Kareem Dana <kareem.dana at gmail.com>:
>
>> It is at the emergency level here and on my FreeBSD machine that also
logs
>> to the system console which is quite annoying but I can change that with
>> syslog.
>>
>> I believe, at least on my site, this will generate a lot of false
positives
>> and it gives me no information that httpd-access.log doesn't give me
>> already since the log is generated right when a user connects to
>> "/horde/imp" before attempting to even login.
>
>
> Here's the problem... a user will NEVER go to /horde/imp by themselves if
you don't tell them to. WHY would they go there? We don't point anywhere
there in the code. If a user is manually entering horde/imp, that sounds
like an issue to me.
>
> There's a login page. That's what you should point your users to. Yes,
you can't help users from bookmarking pages, but that is much less
prevalent than you think.
>
> There's the very simple solution of only activating the login page on a
user-facing URL and disabling all other pages via HTTP, and then redirect
on login to a domain that allows all access.
Actually, I do this all the time. As soon I type webma.. into my url bar,
both my browsers offer webmail.example.net/imp and so I press enter and off
I go..
I only care about that log message when I can't login (cos file permissions
are wrong).
Simon
More information about the horde
mailing list