On 12/28/2012 03:09 PM, Benny Pedersen wrote:
Reindl Harald skrev den 2012-12-28 20:37:
in the docroot configuration independent of any script running on the
host
start dokumenting it in ticket if its security problems in roundcube,
no need to be flameing personly
It is an interesting question, should this behaviour be default? It
seems that Roundcube works from a default non-secured senario and
expects those that want to secure it to know what to do.
I suspect you can open as many tickets as you choose, the developers
will most likely NOT take a secure by default posture.
We (the security area in the IETF) have worked on this for years to get
basic default security into protocol and application design. It is
tilting at windmills.
should not be impossible to do from geeks :)
_______________________________________________
Roundcube Users mailing list
[email protected]
http://lists.roundcube.net/mailman/listinfo/users
_______________________________________________
Roundcube Users mailing list
[email protected]
http://lists.roundcube.net/mailman/listinfo/users
