Dan Svoboda wrote:
> My network admin asked the following question when I asked him to let
> his email server accept messages for forwarding from my xwiki server:
>
> is your code secure? is there much chance that a malicious bot could
> harvest email and start injecting messages through your server?
>
> What should I tell him?

The mailsender plugin is public, meaning that if someone can edit wiki documents, they can write a script that uses the mailsender plugin API to compose messages. If you don't trust your users, you should consider disabling or deploying a modified version of this plugin. If you trust your users and the edit rights are restricted only to your users, XWiki is safe.

--
Sergiu Dumitriu
http://purl.org/net/sergiu/
