[sork] patch: customsql option and other goodies

Eric Rostetter eric.rostetter at physics.utexas.edu
Thu May 13 20:17:50 PDT 2004 

Quoting Jan Schneider <jan at horde.org>:

> Zitat von Eric Rostetter <eric.rostetter at physics.utexas.edu>:
>
>> Quoting Jan Schneider <jan at horde.org>:
>>
>>> I only committed the keep local part of the patch for now. The password
>>> isn't really requested for security reasons, it's only necessary for some
>>> drivers.
>>
>> No, actually, it is also there for security reasons.  I would object to
>> removing it, though I won't object to a configuration option to remove
>> it.
>
> We are not talking about passwd, but forwards, just to make that clear. I

Yeah, I kind of lost sight of that, but it really doesn't change my
argument much.

> see no difference between forwards and any other module that we have that
> interacts with the local system like Ingo for example.

Which might be a reason to look at what Ingo does...  Ingo is kind of
strange, in that it used to be part of IMP, and is now separate and
has grown in capabilities, so it is kind of a complex issue.

> The password in forwards is *only* used for the backends that actually
> *need* a password for the driver to activate the message. There is no check
> in any driver to verify the user password with the current one. It wouldn't
> make sense anyway IMO, see above.

Originally, all drivers required the password, so it was a mute point then.
It can't compare it to the Horde or IMP auth, as it may not be the same as
the backend auth for forwards.

> The driver that needs credentials to work can take a look at the
> configuration to see if horde auth is enabled. In this case it knows that
> it doesn't need a password and needsPassword() (or whatever) returns false,
> otherwise true.

This only covers the case of horde auth (which I forgot about actually).

> Jan.

Some things to think about.

* Why would forwards say:

   For your protection and safety, you must identify yourself with your login
   password to verify this change.  Then submit the form so that your forward
   can be updated.

if the password wasn't there for security reasons?

* How would not allowing a password be used with guest logins?

* How would not allowing a password in the module work if Horde doesn't
require a password?

* Do you really want people changing your account on another server
just because they have access to your horde login?  (Think, stupid user
leaves horde/IMP logged in and walks away from the computer to get a drink
or something; next person walks up and redirects all his mail without their
knowledge as a malicious endevour).

* There could be issues with session/tcp/etc hijacking, etc.

I'm very sure that *many* people want to do away with these password checks.
However, I'm sure there are a small number of security conscious people who
really want to keep the password check in the sork modules, though we'd
allow it to be optional for the others...

--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Why get even? Get odd!

More information about the sork mailing list