The issue about sql login being compiled in also brings up another issue.. By putting the sql information into a ~vpopmail/etc file it solves the issue as long as all email domains are owned by vpopmail. If any domains are under a non-vpopmail user, then the sql information file needs to be readable by all. In that case I would recomend not allowing shell access, and chrooting ftp access to a users home directory.
This is an interesting point and I'd love to find a clean solution to this issue.
Are you saying that it's possible to run some of the vpopmail utilities as a user other than root or vpopmail? I figured that for the add/del/mod domain commands, you'd have to be root since they modify qmail control files. When running vchkpw on a system that uses cdb, it needs read access to the vpasswd file in the domain directory.
Can anyone think of other apps that have to deal with the issue of storing MySQL login information securely?
-- Tom Collins [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/