[EMAIL PROTECTED] schrieb: >> Yes. That's my main concern. >> > >It's not all that different to imapd having access to the whole db. >Unless you have seperate DB's per user you can't have that layer. >At some point you have to trust something ;->
A webbased application has stored the database connection string in cleartext somewhere on the webserver. If you hack the webserver and get the sql connection setting you have access to the whole (imap)database. That's really bad. If you access the imap server over the imap protocol, you need to have a username/password. And if you get this somehow, you can still access only one imap box(ignoring acl). That's the main difference and my main concern. -- Lars Kneschke Metaways Infosystems GmbH Pickhuben 4 20457 Hamburg Germany eGroupWare Training & Support ==> http://www.egroupware-support.net E-Mail: mailto:[EMAIL PROTECTED] Web: http://www.metaways.de Tel: +49 (0)40 317031-21 Fax: +49 (0)40 317031-81 Mobile: +49 (0)175 9304324
