
RE: [cobalt-security] neomail on RAQ02



> > The only issue I agree on, is that users could
> > login to other site's neomail and download their mail, and therefore
> > not get charged the bandwidth. This is the only real valid issue.
> 
> And I'll add that without major custom programming this is something
> we'll have to live with, and it's behavior that's NOT specific to the
> RaQs but pretty much to any linux implementation.
> 

Well, I don't use neomail myself, but if you want to restrict access to
users of a particular site, you should be able to use one of the auth
mods Cobalt has built into Apache.  For example: 

# Access file 
order allow,deny 
allow from all 
require group site1 
Authname "www.site1.com email board" 
Authtype Basic

This limits access to users from site1.  I don't know how easy it would
be to patch neomail to support http auth, but I'll bet it wouldn't be
too difficult.

Then, all you need is a .htaccess in the neomail folder.

Hope this helps,
Matt Nuzum
Bearfruit.org
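
Added example (not part of the original message, and not neomail's own code): a Python sketch of the decision a webmail CGI could make once Apache has done the Basic auth from the access file above. It assumes the server passes the standard CGI variables REMOTE_USER and AUTH_TYPE to the script; parse_groups, authorize_login and the sample group data are hypothetical and constructed.

```python
# Illustrative only: ties the mailbox being opened to the user Apache
# already authenticated, and re-checks the site group as defence in depth.

# Constructed sample in /etc/group format (group:passwd:gid:members).
SAMPLE_GROUP = """\
root:x:0:
site1:x:110:alice,bob
site2:x:111:carol
"""


def parse_groups(text):
    """Return {group name: set of listed members} from group-file text.

    Only members listed in the fourth field are seen; membership through
    a primary gid in the passwd file is not checked here.
    """
    groups = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4:
            continue  # malformed entry: ignore rather than guess
        groups[fields[0]] = {m.strip() for m in fields[3].split(",") if m.strip()}
    return groups


def authorize_login(environ, form_user, site_group, groups):
    """Return (allowed, reason) for a webmail login attempt.

    environ    - CGI environment as set by the web server
    form_user  - mailbox name submitted to the webmail login form
    site_group - group named in the site's 'require group' line
    """
    remote_user = environ.get("REMOTE_USER", "")
    if environ.get("AUTH_TYPE", "").lower() != "basic" or not remote_user:
        # .htaccess missing or not applied: fail closed.
        return False, "no HTTP authentication from the web server"
    if form_user != remote_user:
        return False, "mailbox name differs from the HTTP-authenticated user"
    if remote_user not in groups.get(site_group, set()):
        return False, "user is not a member of this site's group"
    return True, "ok"
```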