Aaron Bannert wrote:

> The attack is the same, but the result is different. Named virtual hosts
> only really affect how the client contacts the server, and everything
> else happens in HTTP (in the Host: header). You cannot prevent someone
> from altering their own DNS entries maliciously. OTOH, DNS-trusted
> runtime-config would allow an attacker to configure your httpd with
> whatever LDAP config they wanted, including SuEXEC, piped logs, etc.

You're 100% correct - which is why your network would be suitably
secured with private networks, connections based on IP address or names
defined in /etc/hosts, all the provisions normally installed at any
secure LDAP-based email installation. :)

Regards,
Graham
-- 
-----------------------------------------
[EMAIL PROTECTED]                "There's a moon
                                        over Bourbon Street
                                                tonight..."
