Hi Dan, You're right. If this feature will be bound to the "IMail System Administrator", it might be more secure. Usually the System Administrator has the need to create a program alias,m i think.
> But maybe I'm just being paranoid. A security paranoia is always welcome... ============================================ Am Donnerstag, 26. August 2004 um 21:31 schrieben Sie: > "6.) It is not possible to create a program alias via WebMail. This should > be changed." > I, for one, am glad this isn't available in Webmail. Seems like it could be > a giant security risk to allow creation of executable code on our server. > Even if it is locked down to admin, I don't know how secure Imail's > homegrown web server is. I don't know how hard it would be to exploit it > and gain admin privileges. > I can immediately imagine several kinds of programs that could be put into a > program alias that would severely compromise our systems. In addition to > all the malicious code that could be put up, imagine if a spammer gained > enough privileges to set up a program alias (through whatever means). He > then uploads a program that will accept an email and blast that email out > via SMTP to his whole list, completely bypassing Imail's SMTP engine, and > any controls you may have on it to prevent relaying spam. > But maybe I'm just being paranoid. Anyone else see this as a security risk? > -Dan Horne > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ ============================================ -- Mit freundlichen Gr�ssen -------------------------------------------- Merlin Consulting Martin Schaible Bahnhofstrasse 27 CH-8702 Zollikon Phone: +41 1 391 30 00 Fax: +41 1 391 32 49 Mail: mailto:[EMAIL PROTECTED] URL: http://www.merlinconsulting.ch Support: http://support.merlinconsulting.ch GPS: N47 20.235 E8 34.226 -------------------------------------------- News - Neue Produkte: .:. Kiwi Syslog Monitor .:. Paessler GmbH .:. Sawmill Loganalyzer -------------------------------------------- To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
