The session string can be helpful for kicking a user between "iwebmsg" and your own web server with only a single authentication point. I have already accomplished this with my system, and have integrated my online billing / spam filters with the web templates.
You can see an example of what I'm talking about at http://mail.bsc.net/ Email= [EMAIL PROTECTED] Pass = declude Notice whenever your URL begins with "http://mail.xxxx"; you are in IMAIL's Web messeging server, but whenever your URL begins with "http://signup.xxxx"; you have followed a link which kicked you to my other web server, and verified your login information from IMAIL. (preventing you from having to login twice). ( for a specific example, click the spam filters button ) Search the mail archives at http://www.mail-archive.com/declude.junkmail%40declude.com/ to find my older post which explains how I accomplish this, or ask if you are curious. I think this might be along the lines of what you are asking. -Tom -----Original Message----- From: Cxan [mailto:[EMAIL PROTECTED]] Sent: Sunday, December 01, 2002 4:35 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Imail Web Based Interface Terry, You have been a great help today. I think the links that you sent me would be a good start. Many Thanks Mishi ----- Original Message ----- From: "Smart Business Lists" <[EMAIL PROTECTED]> To: "Cxan" <[EMAIL PROTECTED]> Sent: Sunday, December 01, 2002 5:28 PM Subject: Re: [Declude.JunkMail] Imail Web Based Interface > Mishi > > Sunday, December 1, 2002 you wrote: > > The link that you sent me did not explain what I am asking for. Let > > me explain my question a bit more: Suppose there is a virtual domain > > called abcvirtual.com on a server called xyzserver.com. When a user > > logs in to the server using Imail port 8383 then Imail creates a > > bunch of security character strings like : > > http://xyzserver.com:8383/Xade9939bcc9fcf9aee8571e9/menu.63104.cgi?mbx=Main > > What I am trying to figure out is what holds/creates the string : > > Xade9939bcc9fcf9aee8571e9 > > Oh, I did misunderstand. I do not believe that the session id is > well known. It is certainly not documented in so far as I know and > I've never seen a hack described. There have been vulnerabilities > described to acquire someone's session id but all I know presuppose > the existence of the id. Since the IMAIL password has been hacked > and described I suspect the session id has not been or it would also > be described somewhere. > > Therefore, I suspect your most promising path of exploration is to > attempt to modify the templates after the session is created. See > these links for aid on customizing web messaging templates and the > special tags you can use: > > http://support.ipswitch.com/kb/IM-20000615-DM01.htm > http://support.ipswitch.com/kb/IM-20010928-DM01.htm > > http://www.ipswitch.com/support/IMail/guide/imailug7.1/Appendix%20H%20cal_te mplates5.html > > I know this is not answering your question but maybe it will help. > > > Terry Fritts > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > "unsubscribe Declude.JunkMail". The archives can be found at > http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
