On Sun, 17 May 2009 08:12:46 +0200, "Roland Liebl" <[email protected]> wrote:
> Hi devs,
>
> I'm going to update DNS-Blacklist plugin (MyRoundCube) to play with the new
> Plugin API.
>
> It checks if an IP is blacklisted. This is very useful for public webmails
> to keep off spammers. It helped me very much on http://mail4us.net to keep
> spammers off my public test environment for MyRoundCube.
>
> How would you like to see it? Should it lock out a user already at the
> front page (login) or is it better just to block certain tasks like sending
> messages, setting a forwarder or an autoresponder and let the user access
> for other tasks like reading his messages even if he is blacklisted?
>
> Regards,
> Roland

Thinking from a purely security-based point of view, I think the best solution is to deny all first and then customize to allow after.

From the exploiting from phishers I have seen, any vector of entry is a cause for concern. Personal information being disclosed, post authentication exploits, etc. are just some of the off the top of the head reasons I could see for doing a deny before login.

--
Robert King
System Administrator
Computing & Communications
Memorial University
_______________________________________________
List info: http://lists.roundcube.net/dev/
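
The two options discussed in this thread (lock out at login versus block only selected tasks) can be expressed as one deny-first gate. The sketch below is an added example, not part of the thread and not the MyRoundCube plugin's code; the zone name, the task names and every function name are assumptions made for illustration, and the sample listing is constructed.

```python
import ipaddress
import socket

ZONE = "dnsbl.example.org"  # constructed zone name, not a real blacklist
FAKE_RECORDS = {"10.2.0.192.dnsbl.example.org": "127.0.0.2"}  # constructed listing
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Build the lookup name: reversed IPv4 octets or IPv6 nibbles, then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone

def system_resolver(name):
    """Return the A record for name, None if it does not exist, raise on other errors."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return None
        raise

def fake_resolver(name):
    """Offline stand-in for DNS, answering from the constructed records above."""
    return FAKE_RECORDS.get(name)

def is_listed(ip, zone, resolve=system_resolver):
    """A client is listed only when the zone answers with an address in 127.0.0.0/8."""
    answer = resolve(dnsbl_query_name(ip, zone))
    return answer is not None and ipaddress.ip_address(answer) in LISTED_NET

def allowed(ip, task, zone, allow_when_listed=frozenset(), fail_closed=True,
            resolve=system_resolver):
    """Deny-first gate: a listed client is refused every task, login included,
    unless the task was explicitly added to allow_when_listed.
    fail_closed decides what a failed lookup means (a policy assumption)."""
    try:
        listed = is_listed(ip, zone, resolve)
    except OSError:
        listed = fail_closed
    return (not listed) or task in allow_when_listed

if __name__ == "__main__":
    for task in ("login", "mail", "settings"):  # assumed task names
        print(task, allowed("192.0.2.10", task, ZONE, {"mail"}, resolve=fake_resolver))
```

With an empty `allow_when_listed` the gate behaves as "deny before login"; adding tasks to the set gives the per-task variant from the original question.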
