[imp] How can I to test ...?

Brent J. Nordquist bjn@horde.org
Mon, 18 Jun 2001 07:02:37 -0500 (CDT)

Previous message: How can I to test ...?
Next message: Return Receipts?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 18 Jun 2001, Sebastian Segeth <sebastian.segeth@FernUni-Hagen.de> wrote:

> How can I to test if my imp webinterface is secure?

I'll give you a few suggestions on this one, but understand that security
is complicated and you may need to find some good books (or a good
consultant) if you haven't thought about these issues before.

Have a look at imp/docs/SECURITY for a list of specific Horde/IMP issues
to consider.  (I'm assuming you're using IMP 2.2.x)  Make sure your web
server isn't serving configuration files (imp/config/defaults.php3 should
not be accessible through the browser).  Make sure you are providing a
secure web server (https://...) for IMP so that users' passwords can't be
sniffed off the network.

Of course, the machines that host your Horde/IMP web server, and your IMAP
server, need to be secure, too.  But that's an even bigger topic that's
beyond the scope of this mailing list.

-- 
Brent J. Nordquist <bjn@horde.org> N0BJN
Yahoo!: Brent_Nordquist / AIM: BrentJNordquist / ICQ: 76158942

Previous message: How can I to test ...?
Next message: Return Receipts?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]