Dan Svoboda wrote:
> My network admin asked the following question when I asked him to let  
> his email server accept messages for forwarding from my xwiki server:
> 
> is your code secure? is there much chance that a malicious bot could  
> harvest email and start injecting messages through your server?
> 
> What should I tell him?

The mailsender plugin is public, meaning that if someone can edit
wiki documents, they can write a script that uses the mailsender plugin
API to compose messages. If you don't trust your users, you should
consider disabling or deploying a modified version of this plugin. If
you trust your users and the edit rights are restricted only to your
users, XWiki is safe.
-- 
Sergiu Dumitriu
http://purl.org/net/sergiu/
_______________________________________________
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
