Hi there;
rt-3.6.1 and apach2 mysql5 and exim4
I have rebuilt my RT dev box copying stuff from the live system including the
RT bits in exim.conf
I forgot to change my
data = "|/opt/rt3/bin/rt-mailgate --queue .... --url https://myrt.mycom.com/"; so it was still pointing to my live system ..
on submitting test messages/tickets these were created in the live system,
which then occurred me that there is a potential flaw here, there is no
authentication or restriction of any kind ..
Generally the REST interface expects authentication from the client (supplied
from rt.conf or .rtrc), how does the mailgate (which I guess
/REST/1.0/NoAuth/mail-gateway) part of it authenticate ??
Have anyone came across this? any solutions or suggestions ?
Roy
_______________________________________________
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
