Eero Volotinen writes: > Well, I think that C-interface is now antique and it slows too much > development of qmailadmin.
But at least it runs quickly and isn't a major security hole. Without an equivalent of suexec then your mail directories have to be readable and writeable by the Apache user and therefore anyone who can install a PHP page on your server can trample all over your mail. If you have a dedicated mail server that's fine. If you are a small ISP with a server that handles web hosting and mail then that is downright dangerous. PHP is dangerous in any situtation where files have to be modified and you have multiple users. Yes, there are add-ons that give you suexec functionality with PHP but they are add-ons and not integrated into PHP itself. And before those add-ons appeared there was nothing. In fact PHP deliberately refuses to let you run it under suexec (the obvious solution) on the grounds that it is trying to increase your security by refusing to do so. It was at that point that I abandoned PHP and refused to have anything more to do with it. And let's not even explore the useless functions like on-the-fly scaling of images and the books that encourage people to use that function to generate thumbnails on-the-fly each time a page is displayed. By all means write an alternative to qmailadmin in PHP if you desire. Translate the code from qmailadmin if it helps. But please do not try to get qmailadmin developers to switch to PHP. -- Paul Allen Softflare Support
