[imp] Access to other users' mailboxes

Liam Hoekenga liamr at umich.edu
Tue Apr 1 14:47:02 PST 2003


Quoting Charlie Reitsma <reitsmac at denison.edu>:

> Great! It's not just us. Same versions as you. A few students report seeing
> other students' inboxes and being able to read messages. php.ini entropy
> settings are 16 and /dev/urandom on RedHat 7.3. gc_maxlifetime is three hours. 
> Have not been able to reproduce problem myself. Two students with their own
> Macintosh systems have been able to reproduce it fairly consistently.
> Anything I should look for in the prefs and/or session_data?

We've run into this too - hasn't happened since the beginning of the semester.
We'll see what happens at the end - which is usually pretty busy, and when we've
normally received reports of this.

You might try upping the amount of entropy to 24 or 32.

You might also make sure that the people who can reproduce it haven't created
bookmarks that point to pages inside of IMP.  It's possible that the URL could
have the sessionID in it.

Liam
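
A check for the bookmark scenario mentioned above, as an added example that is not part of the original message or of IMP/Horde: it scans web server access logs for session IDs carried in request URLs and reports any ID presented by more than one client. The parameter name `PHPSESSID` (PHP's default session name), the Apache combined log format, and the sample lines are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Assumption: PHP's default session name; a Horde/IMP install may configure another.
SESSION_PARAM = "PHPSESSID"

# Apache "combined" log format (assumed): client IP, request line, status, size, referer, agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<url>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<agent>[^"]*)"'
)

# Constructed sample lines: documentation IP ranges, made-up session IDs and paths.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Apr/2003:10:00:00 -0500] "GET /webmail/mailbox.php?PHPSESSID=0123456789abcdef0123456789abcdef HTTP/1.0" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 5.22; Mac_PowerPC)"',
    '198.51.100.7 - - [01/Apr/2003:10:04:31 -0500] "GET /webmail/mailbox.php?PHPSESSID=0123456789abcdef0123456789abcdef HTTP/1.0" 200 5120 "-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X)"',
    '192.0.2.44 - - [01/Apr/2003:10:05:02 -0500] "GET /webmail/message.php?index=3&PHPSESSID=fedcba9876543210fedcba9876543210 HTTP/1.0" 200 2048 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '203.0.113.5 - - [01/Apr/2003:10:06:40 -0500] "GET /webmail/mailbox.php HTTP/1.0" 200 4096 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
]

def clients_by_url_session(lines, param=SESSION_PARAM):
    """Map each session ID seen in a request URL to the (ip, user agent) pairs that sent it."""
    seen = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        query = urlsplit(m.group("url")).query
        for sid in parse_qs(query).get(param, []):
            seen[sid].add((m.group("ip"), m.group("agent")))
    return dict(seen)

def shared_sessions(lines, param=SESSION_PARAM):
    """Session IDs that arrived in URLs from more than one distinct client."""
    return {sid: clients
            for sid, clients in clients_by_url_session(lines, param).items()
            if len(clients) > 1}

if __name__ == "__main__":
    for sid, clients in shared_sessions(SAMPLE_LOG).items():
        print(sid, sorted(clients))
```

A user behind a proxy or moving between machines can also appear as two clients, so a hit is a lead to follow up, not proof of a shared bookmark.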

