On Mon, 04 Jul 2011 20:15:52 +0200, Whizart <[email protected]> wrote: > Hi everybody, > > I'm running roundcube on a shared webserver of a hosting service which > brings a question to my mind concerning security: > The hosting provider gives login credentials to its customers which are > all hosted at the same domain (e.g. [email protected]). As > roundcube allows direct login to IMAP accounts I am afraid that other > customers are able to login to "my" roundcube installation with their > email-adress e.g. [email protected]. > > Is it possible to protect a roundcube installation so that only > specified logins are enabled?
Are you worried about unwanted bogging down your rented server to get to their IMAP boxes? How about: give your RC installation some unlikely URL and tell your authorized users not to share the URL. If the other customers cannot guess the Round Cube installation's URL, they cannot use it. -- List info: http://lists.roundcube.net/users/ BT/8f4f07cd
