Brandon Friedman <[EMAIL PROTECTED]> said:
> Has anybody installed this on SME? > > It's need by Sherpath to use the SMS functions? Brandon I know you are spending a lot of time looking at Sherpath. I have only had time to take a brief look but I did notice a few things of concern: - it appears to require ftp enabled for it's file management. This is insecure and the main reason ftp is disabled under SME by default. - it appears to authenticate users via an admin defined mySQL database table. IE it does not appear to tie into or use any existing SME system for authentication. Has anyone else taken a further look at these security issues? Again I have not had time to look into the code. Maybe it is safe but at this point I at least wanted to voice these concerns for devinfo discussion, so comments are welcomed from those that have taken a deeper look. Regards, -- Darrell May DMC Netsourced.com http://netsourced.com http://myEZserver.com -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
