egroupware/doc/SECURITY

19 lines
1.0 KiB
Plaintext
Raw Normal View History

2000-08-18 05:24:22 +02:00
First off, I would not recommend using this in a type of enviroment that
security is a really big concern. I am *NOT* saying that you shouldn't be
concerned about it, but, until the system is thoughly tested. I would not
recommend it.
Becuase of the current methods that the email system works. It is required
that the users password is in the sessions table. IMAP needs the password
to verify the user. This is one of the main reasons for the stalesessions
program. I do not like keeping passwords in any medium that is not encryped.
The email system stores its file attachments in a temp directory. For right
now, you need to watch this directory because it can fill up very quickly.
If a user does not finsh composing the message (going else where in the program, internet connection dieing, browser crash, etc) the file will sit there until
it is deleted. There will be a simple cron program to go through and clean
things up.
Besides this, there is nothing else that I am aware of. Let me know if you
find anything.