ATM in MailboxManager [1] a mailbox is identified by a simple string. MailboxManagerProvider [2] provides access to Namespaces [3]. this object seems to be modeled strongly on RFC 2342. to use a Namespace [4], client code constructs a string by concatenation.
this seems a little inelegant to me. i am also worried about security. ATM it is possible to inject special mailbox names and gain access to other people's mailboxes. i wonder about introducing a MailboxName (with a explicit Namespace). perhaps Namespace could be altered into a factory. opinions? i'm also a little concerned about the possibility of SQL injection by a malign client. is this justified? if so, what's the right way to protected against this attack? - robert 1. http://svn.apache.org/repos/asf/james/server/trunk/core-library/src/main/java/org/apache/james/mailboxmanager/manager/MailboxManager.java 2. http://svn.apache.org/repos/asf/james/server/trunk/core-library/src/main/java/org/apache/james/mailboxmanager/manager/MailboxManagerProvider.java 3. http://svn.apache.org/repos/asf/james/server/trunk/core-library/src/main/java/org/apache/james/mailboxmanager/Namespaces.java 4. http://svn.apache.org/repos/asf/james/server/trunk/core-library/src/main/java/org/apache/james/mailboxmanager/Namespace.java --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
