from:"Tim Hassan"

API Question

2001-02-06 Thread Tim Hassan


The function in vpopmail.h version 4.9.8:

int vadddomain( char *domain, char *dir, int uid, int gid); 

what does dir denote?
is it the domain's main directory? 

for example, if my code was like: 

ret = vadddomain(dom, something, VPOPMAILUID, VPOPMAILGID); 

what should I have instead of "something"? 

Any help is greatly appreciated. 

Tim

vchkpw lacking authentication security

2001-01-15 Thread Tim Hassan



Dear Inter7 Developer: 

I recently discovered the following security drawback in vpopmail with 
vchkpw authentication: 

No matter how long you set the password to when adding a new user, only the 
first 8 characters of the password are used. So for example, if I do: 

./vadduser [EMAIL PROTECTED] this-is-hard-to-guess-234234235-23423 

and then I try to login to my email as user "test" and password "this-is-", 
it would let me in.
As you may already know, any password below 8 characters is considered 
insecure, even if it was a combination of letters, numbers, and special 
characters. In other words, Standard DES crypto is used :( 


Best Regards,
Tamer Hassan

API Question

vchkpw lacking authentication security

2 matches

Site Navigation

Mail list logo

Footer information