Gabriel Ambuehl wrote:
True. You could do this, by setting up all of the domains as hosteddomains, but you would lose the benefits of running one or more of the domains as local domains. (Whatever those benefits may be for each situation.) Plus, this brings the user experience of the previously local domains down to the level of the hosted domains. I realize that it's a minor drop in usability for that domain, but it's just against my nature if it's avoidable.Hi Jerome Bullert, you wrote. JB> We can tell ourselves that the chance of "[EMAIL PROTECTED]" JB> successfully entering the password of "[EMAIL PROTECTED]" is remote, JB> but it's probably not as remote as we'd like to think. In this scenario, JB> since we know that both "right-domain.com" and "wrong-domain.com" are JB> serviced by the same mail system: JB> -Odds that they service the same geographical area (or business type, or JB> personal interest, etc) = High JB> -Odds that these users live in/are connected to the same area ( or JB> business type, or personal interest, etc.) = High
JB> As a result, the odds that these users could have the same password = JB> Increased exponentially JB> -Whether it's the local high school, college, or pro football team, JB> their favorite stock symbol, favorite porn star, etc. JB> (We all know how the average user excels at selecting secure passwords.) JB> Result = a lower level of security
Can't you just deactivate support for "user" altogether and require [EMAIL PROTECTED] for EVERYONE? That should take care of accidental account "cracking"/locking, no?
Regards, Gabriel
But it would prevent accidental cracking/locking, which is priority #1 in this scenario.
-- Jerome Bullert 831-234-2023 [EMAIL PROTECTED] -----------------------------
------------------------------------------------------- This SF.Net email sponsored by: ApacheCon 2003, 16-19 November in Las Vegas. Learn firsthand the latest developments in Apache, PHP, Perl, XML, Java, MySQL, WebDAV, and more! http://www.apachecon.com/ _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
