Am 31.01.2014 17:20, schrieb KT Walrus: >>> Lastly, I want to have an admin IMAP user that can login (only from >>> localhost) and access/update/create/delete >> do not setup such users, i don't know if it is possible > > Why? > > It should be safe if the admin IMAP user is restricted from logging in from a > limited number of IPs (e.g., localhost only access). IMAP abstracts the mail > store so my PHP scripts don’t need to know how the database is setup and how > to manipulate the data in the database to retrieve messages, update > mailboxes, etc. And, my PHP admin scripts should be much more portable in > case I want to migrate to another mail storage system (e.g. Dovecot). > > Anyway, I’d like to understand more why you say “do not setup such users” as > I currently think this is a reasonable thing to do and better than having my > scripts messing around directly in the backend db.
mostly because i am responsilble for security in my daily job and i am aware how easy it is to miss a not closed restrcition as well as in my definition of security the local network is handeled like a potential attacker doing so and only open as less as possible exeptions in the LAN leads finally to not get a problem by misconfiguration for the WAN side and thinking "ok that's possible because i sit where i sit" any "holes" and exceptions needs permanently reviewed and verified ______________________________________________________ the other component is a legal / privacy thing per definition i am not allowed to login as a user with access to his emails, but remove two of the three "trash"-incarnations or add folders for a backend which does not show messages is no problem - login as a user or as super-admin with access to every users mailbox enforces to ask everytime before do so
signature.asc
Description: OpenPGP digital signature
_______________________________________________ DBmail mailing list DBmail@dbmail.org http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail
