Dan Svoboda wrote:
> My network admin asked the following question when I asked him to let  
> his email server accept messages for forwarding from my xwiki server:
> is your code secure? is there much chance that a malicious bot could  
> harvest email and start injecting messages through your server?
> What should I tell him?

The mailsender plugin is public, meaning that if someone can edit
wiki documents, they can write a script that uses the mailsender plugin
API to compose messages. If you don't trust your users, you should
consider disabling or deploying a modified version of this plugin. If
you trust your users and the edit rights are restricted only to your
users, XWiki is safe.
Sergiu Dumitriu
users mailing list
