Christian Gennerat wrote:
Stefan Hornburg a écrit :

A better solution is to either use https:// or restrict access to the webadmin
through your webserver.


Yes, but it would be better to specify a list of adddresses than to open webadmin
to the whole local network, as it is suggested by the HowTo:

If you are not using SSL on your Apache server, you will need to add /etc/courier/webadmin/unsecureok, so you will be able to use your web based administration tool.

*touch /etc/courier/webadmin/unsecureok*

I'm certain Apache accepts IPs for access control. unsecureok is only
a workaround. Enabling SSL isn't a big deal either.



And the proposed patch is not very expansive !


But IMHO is unnecessary. If you think otherwise, send please your patch 
upstream.

Bye
        Racke


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to