[imp] Security Question
Chuck Hagenbuch
chuck@horde.org
Mon, 30 Oct 2000 12:06:25 -0500

Quoting Andreas Ebinger <ebinger@uni-hohenheim.de>:
> The default value is 1440 minutes,
> (var $gc_time = 1440; // Purge all session data older than 1440 minutes.)
> is it a performance problem to use such a high value?
I don't see how it is, unless your available space for your database is very
small...
> I would like to ignore all log in tries without cookies, I think horde-imp
> version 2.0.x did that, is there a way to do this in version 2.2.x?
In phplib's local.inc config file, change fallback_mode to 'none'.
> Somewhere I read that in horde-imp 2.3.x you changed the session
> management and you are not using phplib anymore, what is different?
We use php4 sessions.
> And if I change the session management (in version 2.2.x) to Shared
> memory, LDAP, DBM database
> I will probably have the same problems? As long as someone is able to get to
> know the session ID, he/she will be able to use my mail account from a different
> computer with a different userid (if I am still logged in or the session is not
> garbage collected).
Correct.
> Should I just change to version 2.3.x?
That's up to you. Without cookies you still need to fall back on url-based
sessions, though.
-chuck
--
must... find... acorns... *thud*