Currently, there is no security on the pop3proxy, so anyone can
access the user interface from any computer, given a web browser
and knowledge of the IP address and port. Even if you didn't know the
port, figuring it out wouldn't necessarily be difficult. This allows
several operations that could be security problems, including
reading at least the first couple hundred characters of each mail
body.
It would seem that the correct solution is to
implement a challenge/authentication on the pop3proxy http
server.
Logged In: YES
user_id=44345
I don't think this is a problem. Just tell the webserver to listen on "localhost"
or "127.0.0.1", or maybe even "". Connections from remote hosts won't be accepted.
Logged In: YES
user_id=85414
[Tim Stone]
> Currently, there is no security on the pop3proxy
Not true - you can use the html_ui_allow_remote_connections
setting to reject connections from anywhere other than the local
machine. This is a bit draconian - as you say, we should have
a better solution - but it's not as bad as you make out.
Logged In: YES
user_id=645698
Ya, the problem here is that I might want to allow remote connections, but
I certainly don't want just anybody to be able to connect. Skip's
suggestion doesn't help here.
Logged In: YES
user_id=6845
What about a middle-term solution? A simple, handy solution
is similar to what many routers offer: just allow the user to:
- set a list of trusted remote IPs
- set access to any remote IP
- reject any remote access
This is not hard to implement and should satisfy everybody.
Logged In: YES
user_id=552329
Sounds fine to me. If you write a patch, I'll check it in.
Logged In: YES
user_id=6845
Okay, I'll try to achieve this within the next few days.
Logged In: YES
user_id=552329
[ 790615 ] Allowed remote connections management
https://sourceforge.net/tracker/index.php?func=detail&aid=790615&group_id=61702&atid=498105
Has a fix for this, and I've checked this in.
I don't think there is a need for a more complicated
challenge/authentication system, but if anyone wants to
submit one, go ahead!
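
The three-mode policy proposed in this thread (reject remote access, trusted IP list, any remote IP), as an added example that is not part of the thread and is not the code from the checked-in patch. The mode names, the `is_allowed` function and the sample addresses are assumptions made for illustration; the check fails closed on anything it cannot parse.

```python
import ipaddress

# Hypothetical mode names for the three options listed in the thread.
LOCAL_ONLY, TRUSTED_LIST, ANY_REMOTE = "local", "trusted", "any"


def _normalize(addr):
    """Parse a peer address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped if mapped is not None else ip


def is_allowed(peer, mode, trusted=()):
    """Decide whether a connection from `peer` may reach the web UI.

    Fails closed: an unparseable peer address or an unknown mode is
    rejected, and malformed entries in `trusted` never match.
    """
    try:
        ip = _normalize(peer)
    except ValueError:
        return False
    if ip.is_loopback:
        return True   # local access is permitted in every mode
    if mode == ANY_REMOTE:
        return True
    if mode != TRUSTED_LIST:
        return False  # LOCAL_ONLY, or a mode we do not recognise
    for entry in trusted:
        try:
            # Accept single addresses ("192.0.2.10") and CIDR ranges.
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # a bad list entry must not widen access
        if ip.version == net.version and ip in net:
            return True
    return False


if __name__ == "__main__":
    # Constructed sample peers from the documentation address ranges.
    trusted = ["192.0.2.0/24", "2001:db8::/32"]
    for peer in ("127.0.0.1", "192.0.2.10", "::ffff:192.0.2.10",
                 "198.51.100.7", "not-an-ip"):
        print(peer, is_allowed(peer, TRUSTED_LIST, trusted))
```

Pass the address reported by the accepted socket, not one taken from a client-supplied header such as `X-Forwarded-For`, since the latter is under the caller's control.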