> There is a function that provides authentication:
>
>     vpasswd( user, domain, password, is_apop )
>
> that returns the user's password info if valid, or 0.
>
> The problem is, if you can execute the vpopmail library at all, you can
> execute every function within it.  This is how QmailAdmin checks to see
> what you are allowed to do when you login.
>

Thanks for both of your responses Rick, very helpful.

Could you, or someone, point me toward where I can read about what these
already built in rules are, and how they're defined and stored in the
database?  I'm assuming this would be "pw_gid" documentation, or code
comments, or something similar?

Thanks again,
Paul

Reply via email to