> There is a function that provides authentication:
>     vpasswd( user, domain, password, is_apop )
> that returns the user's password info if valid, or 0.
> The problem is, if you can execute the vpopmail library at all, you can
> execute every function within it.  This is how QmailAdmin checks to see
> what you are allowed to do when you login.

Thanks for both of your responses Rick, very helpful.

Could you, or someone, point me toward where I can read about what these
already built in rules are, and how they're defined and stored in the
database?  I'm assuming this would be "pw_gid" documentation, or code
comments, or something similar?

Thanks again,

Reply via email to