On 2014-10-07 13:05, Robert Moskowitz wrote:
> Of course roundcubemail is its own set of problems, but I do have to
> provide web imap email.

Roundcube isn't really that problematic, I've been running it for
years. Having said that, I run it on a dedicated VServer instance,
so any scope for damage even if it did turn out to have an exploit
is very limited.

> And when I was first testing Roundcube about 1.5 years ago, I detected
> a problem in their conf and recommended:
>
> php_admin_flag session.cookie_secure "1"
>
> and got yelled down! A couple others agreed that this should be the
> default. I will have to see if the new build does this.

I only ever run it on a https only virtual host, so didn't see
this as a big deal.

>> I generally prefer to use VServer/LXC/OpenVZ to isolate
>> instances if I need to have things running efficiently
>> on a single machine. It mitigates at least some types of
>> possible attack. Of course, those require rebuilding
>> the kernel with suitable patches, if they are not already
>> in the kernel you are using...
>
> I run separate hardware for each purpose; why I am so interested in
> arm platforms. Then TRY and have as little other stuff as possible.
> I move SSH to another port, just to keep the riff-raff away. And
> whatever else I learn.

It's a valid approach, but it does increase the machine
sprawl. VServer helps keep that under control.
Gordan