Fabio Pietrosanti wrote:
Hi all,
i really need to have Cross Domain ACL within Cyrus IMAP, otherwise it's
a huge limitations that does not permit to have 'shared folders' between
users belonging to different domains ([EMAIL PROTECTED] and
[EMAIL PROTECTED]) .
MS Exchange already have this kind of features.
When Cyrus is used in a groupware environment like Kolab, the imap
folders represent groupware resources used for calendaring, contacts,
todo, etc, etc.
So sharing folders it's very important.
I really would like to understand which are the security risks perceived
by the Cyrus project's developer about the implementation of Cross
Domain ACL.
Its been a long time since I looked into this, but I don't think there
are any inherent security risks, as long as its coded carefully. If
coded improperly, I could see a security nightmare. CMU doesn't have
any immediate need to for this functionality, so its not on top of my
TODO list. I would gladly look at a patch that implemented cross domain
ACLs as an optional (via imapd.conf) feature.
Imho they are a must (along with the sharedseen).
sharedseen is implemented in 2.3.10 and 2.3.11. Its a per-mailbox
feature enabled by setting the /vendor/cmu/cyrus-imapd/sharedseen
annotation to true.
--
Kenneth Murchison
Systems Programmer
Project Cyrus Developer/Maintainer
Carnegie Mellon University
