Re: [Dovecot] Encryption solution for messages at rest

Wed, 30 Oct 2013 08:13:41 -0700 


Am 30.10.2013 15:54, schrieb Michael Orlitzky:
> On 10/30/2013 09:01 AM, Benny Pedersen wrote:
>> Michael Orlitzky skrev den 2013-10-28 20:49:
>>
>>>   php_admin_value open_basedir /var/www/$domain/$host/
>>>   php_admin_value upload_tmp_dir /var/www/$domain/$host/tmp
>>>   php_admin_value session.save_path /var/www/$domain/$host/tmp
>>>   php_admin_value sys_temp_dir /var/www/$domain/$host/tmp
>>
>> so dont create tmp upload dirs in webroot, this is classic way of 
>> showing no care
> 
> DocumentRoot is /var/www/$domain/$host/public

and so open_basedir should be the same and *not* include
"upload_tmp_dir" and "session.save_path", otherwise this
all is nonsense from security point of view

and to come back to topic:
do *not* install a public webserver on your mailserver - period

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to