| very concerned about having my Xmail and Xmail-WAI admin passwords in 
| plain-text in the config.xml file. 

These passwords must be in script-usable form, which means plain text.
Every other solution is much too complicated. If you follow my
directions, access to config.xml by an intruder needs such a high level
of control over your server that the Xmail compromise would be the
smallest of your problems.

| Xmail-WAI also displays the user's 
| password in plain-text when they are logged in.  This seems 
| very insecure to me.

HTTP communication itself is insecure, so everything above is
irrelevant. I recommend using SSL (HTTPS) for all mission-critical web
apps.

| Also, in Win2K, what directory permissions do you use for the 
| xmwconfig and xmadmin directories?  I had Administrator/System full,
| but I had to enable Full for Everyone to get MailProc and other
| functions working in Xmail-Wai.  Any tips would be appreciated.

You don't need to enable full access to everyone. Enable read-only
access for your web user to "xmadmin" and "xmwconfig" and full access
for this user to "xmadmin/attachments" and "xmwconfig/mailproc".

- - - - - 

Sorry, for me the main problem isn't to develop WAI, but to develop help
and documentation and I'm expecting the WAI users to be as experienced
web app developers and sys admins as I am ;-) 

-- Altair
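
[Added example, not part of Altair's message or of Xmail-WAI: the directory permissions described in the reply above, applied with icacls from PowerShell. The install path and web account name are hypothetical placeholders, and icacls.exe is assumed to be available (it does not ship with Windows 2000).]

```powershell
# Assumptions, not from the original message: adjust both values.
$WaiRoot = 'C:\Inetpub\wwwroot\xmail-wai'   # hypothetical install path
$WebUser = 'WEBHOST\IUSR_WEBHOST'           # hypothetical web server account

# Layout taken from the reply: read-only on the two top-level directories,
# full access only on the two subdirectories the application writes to.
$readOnly = 'xmadmin', 'xmwconfig'
$writable = 'xmadmin\attachments', 'xmwconfig\mailproc'

function Set-WaiAcl {
    param([string]$Path, [string]$Rights)
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        throw "Directory not found: $Path"
    }
    # /grant:r replaces any earlier explicit entry for this account;
    # (OI)(CI) lets the entry inherit to files and subdirectories.
    & icacls.exe $Path /grant:r "${WebUser}:(OI)(CI)$Rights" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed on $Path" }
}

foreach ($dir in $readOnly) {
    $path = Join-Path $WaiRoot $dir
    # Drop the explicit grant for Everyone (well-known SID S-1-1-0, used
    # here because the group name is localized). /T also covers children.
    & icacls.exe $path /remove:g '*S-1-1-0' /T | Out-Null
    Set-WaiAcl -Path $path -Rights 'R'
}

foreach ($dir in $writable) {
    Set-WaiAcl -Path (Join-Path $WaiRoot $dir) -Rights 'F'
}

# Print the resulting ACLs so the change can be reviewed.
foreach ($dir in $readOnly + $writable) {
    & icacls.exe (Join-Path $WaiRoot $dir)
}
```

If Everyone still appears in the printed ACLs afterwards, the entry is inherited from a parent directory and has to be changed there.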
