On Thu, May 09, 2002 at 07:24:39PM -0000, Darrell May <[EMAIL PROTECTED]> wrote:
>
> Brandon Friedman <[EMAIL PROTECTED]> said:
>
> > Has anybody installed this on SME?
> >
> > It's need by Sherpath to use the SMS functions?
>
> Brandon I know you are spending a lot of time looking at Sherpath. I have
> only had time to take a brief look but I did notice a few things of concern:
>
> - it appears to require ftp enabled for it's file management. This is
> insecure and the main reason ftp is disabled under SME by default.
I'm not sure it is. FTP is disabled under default because it's a bad
idea to pass passwords over untrusted networks. If you're running
sherpath on your SME Server and it's modifying files via FTP on the
server, it doesn't go over any untrusted networks (or it shouldn't,
at least!) because it can use the loopback interface.
(I haven't looked at Sherpath, but it sounds like it does what Horde's
Gollem file manager does.)
> - it appears to authenticate users via an admin defined mySQL database
> table. IE it does not appear to tie into or use any existing SME system for
> authentication.
FWIW, Gollem uses the successful ftp login as an authentication
mechanism, which gets around that nicely. And if you've got IMP 3.0
installed, then you've already got the Horde libraries it requires
(although you might need some more php module packages).
-Rich
--
------------------------------ Rich Lafferty ---------------------------
Systems Administrator/Support Engineer, Network Server Solutions Group
Mitel Networks, Ottawa, ON +1 613 592 2122 (x2513)
---------------------------- [EMAIL PROTECTED] ------------------------
--
Please report bugs to [EMAIL PROTECTED]
Please mail [EMAIL PROTECTED] (only) to discuss security issues
Support for registered customers and partners to [EMAIL PROTECTED]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
