[imp] replacing from_addr field in IMP identity prefs
Joe Auty
jauty at indiana.edu
Thu Nov 9 12:36:05 PST 2006
On Nov 9, 2006, at 5:35 AM, lst_hoe01 at kwsoft.de wrote:
> Zitat von Otto Stolz <Otto.Stolz at uni-konstanz.de>:
>
>> Hello,
>>
>> Joe Auty schrieb:
>>> Hmmm... I'm not sure what was meant by the "db based on
>>> Auth::getAuth()"? Do you have a better idea than I what is meant
>>> here?
>>
>> Cf. <http://dev.horde.org/api/framework/Horde_Auth/Auth.html>,
>> particularly
>> <http://dev.horde.org/api/framework/Horde_Auth/
>> Auth.html#methodgetAuth>.
>>
>> I guess, the original poster has suggested that the Horde user-id
>> should be the primary index in a database containing the choices
>> available to each user.
>>
>
> Yes this was the primary goal. Every user defined by his/her login-
> ID should be able to choose from the aliases tied to this account.
> Typing in some random sender address is prone to error and misuse.
>
> Would be really nice to see such a solution.
>
>
Yes... while a user can simply type in whatever from address they
want in a standalone email client, a web application like IMP can be
scripted to perform joe-job attacks, which is a problem...
I already have the valid from addresses in a separate database, I
just need to connect these interface changes with the back-end in as
elegant a manner as possible.
-----------
Joe Auty
UITS Messaging
Indiana University
jauty at indiana.edu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://lists.horde.org/archives/imp/attachments/20061109/8e16f9d1/PGP.bin
More information about the imp
mailing list