[horde] Clarification of "User is not authorized for imp"

Kareem Dana kareem.dana at gmail.com
Tue Jul 30 15:49:54 UTC 2013


Michael,

I think you are right here. I'm running horde 5 on a development system
before I deploy it to my users and I encountered this log entry just by
myself and I didn't understand what it meant. It was a bit confusing to see
"User is not authorized" even before any attempted login. Now I have a good
idea of why it is being logged though.

I think I may adjust where it is logged through my syslog configuration and
see how prevalent it really is. I just wanted a good understanding of why
that logging was taking place and what horde was doing. To be clear, yes I
do only get the log entry when I manually type in "/horde/imp". I guess
I'll find out how many of my users have bookmarked or get to it through the
browser's autocomplete. I may even try your solution above, although I doubt
anything more involved will be necessary at least for my site. Thanks again.

Best,
Kareem


On Tue, Jul 30, 2013 at 10:06 AM, Michael M Slusarz <slusarz at horde.org> wrote:

> Quoting Kareem Dana <kareem.dana at gmail.com>:
>
>> It is at the emergency level here and on my FreeBSD machine that also logs
>> to the system console which is quite annoying but I can change that with
>> syslog.
>>
>> I believe, at least on my site, this will generate a lot of false positives
>> and it gives me no information that httpd-access.log doesn't give me
>> already since the log is generated right when a user connects to
>> "/horde/imp" before attempting to even login.
>>
>
> Here's the problem... a user will NEVER go to /horde/imp by themselves if
> you don't tell them to.  WHY would they go there?  We don't point anywhere
> there in the code.  If a user is manually entering horde/imp, that sounds
> like an issue to me.
>
> There's a login page.  That's what you should point your users to.  Yes,
> you can't help users from bookmarking pages, but that is much less
> prevalent than you think.
>
> There's the very simple solution of only activating the login page on a
> user-facing URL and disabling all other pages via HTTP, and then redirect
> on login to a domain that allows all access.
>
>
> michael
>
> ___________________________________
> Michael Slusarz [slusarz at horde.org]
