Re: [cobalt-security] neomail on RAQ02
- Subject: Re: [cobalt-security] neomail on RAQ02
- From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
- Date: Fri, 23 Nov 2001 20:32:33 -0800
- Organization: nobaloney.net
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Taco Scargo wrote:
> Although I can understand your concern, I do not agree.
> Anyone could install a mail client on their PC and enter bill.gates@xxxxxxxxxxxxx
> as their e-mail address. Is that a security issue? I don't think so...
I see it as a bit more serious than that, Taco...
I've got two sites on my RaQ... www.site1.com and www.site2.com.
If a user with an account on site1.com logs into his account at
site2.com, he'll be able to log in successfully, and he'll still see his
mailboxes, etc. So he may _think_ he's got an account at site2.com.
However, his return address will STILL be hisname@xxxxxxxxx on any email
he sends out.
So slightly different, and slightly more serious (imho) than you seem to
think.
> I am thinking about adding a control panel to neomail to configure this (allow
> or disallow), but I don't have much time at the moment, and I don't feel it is a
> serious issue.
Hmmmm.... this really isn't _your_ issue, Taco, since you didn't write
neomail. Does the available "isp" patch fix this problem? I don't
think so. Are you considering making your own patch? I'd like that
<smile>.
Jeff
--
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net
P. O. Box 52672, Riverside, CA 92517
voice: (909) 778-9980 * fax: (702) 548-9484