From: Thijs K. <ki...@us...> - 2005-12-04 00:09:51
|
Update of /cvsroot/squirrelmail/squirrelmail In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv32472 Modified Files: Tag: SM-1_4-STABLE ChangeLog INSTALL Log Message: - Add doc/security.txt with some hints for a more secure installation. Feel free to improve/expand on this. - Add some info to INSTALL about register_globals Index: ChangeLog =================================================================== RCS file: /cvsroot/squirrelmail/squirrelmail/ChangeLog,v retrieving revision 1.332.2.305 retrieving revision 1.332.2.306 diff -u -w -r1.332.2.305 -r1.332.2.306 --- ChangeLog 3 Dec 2005 08:32:03 -0000 1.332.2.305 +++ ChangeLog 4 Dec 2005 00:09:42 -0000 1.332.2.306 @@ -102,6 +102,7 @@ - Fixed ContentType object check in Rfc822Header class. E_NOTICE error in PHP 5.1. - Login and login error pages use default theme colors (#1366050). + - Add doc/security.txt with some hints for a more secure installation. Version 1.4.5 - 13 July 2005 ---------------------------- Index: INSTALL =================================================================== RCS file: /cvsroot/squirrelmail/squirrelmail/INSTALL,v retrieving revision 1.32.2.12 retrieving revision 1.32.2.13 diff -u -w -r1.32.2.12 -r1.32.2.13 --- INSTALL 11 Sep 2005 23:14:48 -0000 1.32.2.12 +++ INSTALL 4 Dec 2005 00:09:42 -0000 1.32.2.13 @@ -68,6 +68,10 @@ Required for Japanese translation. Optional for translations that use non-ISO-8859-1 charset + It is highly advised to NOT turn on register_globals, as this can lead + to security holes. If you must use register_globals for some applications, + turn it on locally for only those directories, or turn it off for the + SquirrelMail folder. If you want your users to attach files to their mails, make sure File Uploads in php.ini is set to On. |