[imp] further issues

Michael Rubinsky mrubinsk at horde.org
Wed May 28 12:57:15 UTC 2008


Quoting "Spiro Harvey, Knossos Networks Ltd" <spiro at knossos.net.nz>:

>> ...because IMP has a [server][token] setting that determines the
>> lifetime of tokens that protect against XSS attacks. Look at the IMP
>> setup page on the 'server' tab.
>
> Adding these into my imp/conf.php fixed the problem.
>
> $conf['server']['cache_folders'] = true;
> $conf['server']['token_lifetime'] = 1800;
> $conf['server']['cachejs'] = 'none';
> $conf['server']['cachecss'] = 'none';
>
>
> I have configured my horde install so that the admin stuff is
> accessible. It's a pain in the neck to display it all again, and given
> that horde seems to crap its pants when I so much as look at it askew, I
> find it best to leave well alone.
>
> If the token is a new feature, then it should have been mentioned in the
> upgrade notes. If it's not a new feature, then why did Imp work before
> without these settings enabled?

Yes, this is a new feature.


>
> I prefer to be able to control Imp (and horde) through the config files
> directly.

This is asking for trouble.  These files are not designed to be fully  
configured by hand from scratch.

> Am I going to be forced to go into the GUI admin with each
> update just to see what new undocumented features have been added, or is
> it reasonable to expect a list of these features and config settings in
> the upgrade notes?

Major additions _are_ mentioned in the upgrade notes, but this is  
exactly why we display an out-of-date icon next to the setup for  
applications whose configuration needs to be updated.  We provide  
reasonable default values for newly added settings (in this case, we  
set it to 1800 seconds by default) - but you are going to need to at  
least save the new configuration file... not an unreasonable  
expectation after a major point upgrade.


Thanks,
mike

--
The Horde Project (www.horde.org)
mrubinsk at horde.org

"Time just hates me. That's why it made me an adult." - Josh Joplin