Sorry, got into this discussion late, but the number one bug-fix-feature- whatever-you-want-to-call-it I'd like to see fixed is the web messaging security vulnerabilities:
All web messaging users are still vulnerable to: 1) Forwarding address changed by script in an email. 2) Email sent from user's account by script. 3) Redirection to fake login page. (possible username/password hack) 4) Vacation message changed. 5) Auto-response changed. 6) Forwarding of messages from mailbox to arbitrary account. Admin web messaging users are additionally vulnerable to: 1) HTML email used to create users with admin capability. 2) HTML email used to create lists. 3) Creation of username-draft accounts to "steal" saved draft copies of user's emails. All web calendaring user's username/password combos can still be stolen by target user simply reading an HTML email. I understand that security bugs are difficult to catch/fix. After all, I'm having to install M$ patches/security updates about every two weeks. However, since all my username/passwords are pretty much trivial to steal, I haven't been able to use Web Calendaring at all and I've limited my users to using email clients like Eudora or Outlook until I've finished writing a secure web messaging interface. I don't really have a problem with IMail charging for a product/upgrade with more features. However, when a security problem like this happens, even Microsoft puts out free security patches. Disclaimer: I'm not brave enough to install 7.1. I don't even know if I can get a copy. So, I don't know if these are still problems, but I did not see them in the fix list. $0.02, Norm -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Thursday, May 09, 2002 1:48 PM To: [EMAIL PROTECTED] Subject: RE: [IMail Forum] Let's be constructive, not whine... > > So, here's my suggestion. If you're going to complain, > > explain WHY you are complaining, and mention the bug that > > is in 7.07 and fixed in 7.1 that affects you. > >Here's a filtered list of bugs fixed in 7.1. <sigh> I asked people to specifically mention bugs that AFFECT THEM. If a bug doesn't affect anyone (for example, someone at Ipswitch discovered it), then it doesn't affect anyone. You're just repeating the same mantra "Give it to me free!", without saying what you need. So far, there is only 1 bug fix in 7.1 that anyone has mentioned (actually, several people mentioned it) that isn't fixed in 7.07, that they need fixed. Creating a 7.08 with that fix would probably cost Ipswitch very little, while creating a 7.08 with everything you took from the 7.10 release notes would cost a lot. Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Please visit the Knowledge Base for answers to frequently asked questions: http://www.ipswitch.com/support/IMail/
