On 2006-04-02, at 0829, Rick Widmer wrote:
John Simpson wrote:On 2006-04-01, at 0547, Rick Widmer wrote:I was planning if you would like a way to see if a user exists without returning anything else...that's certainly a possibility, easy enough to add... should that be available to any client without authenticating first? or if it requires an authenticated session, should it be available to any user, or just the domain-admin for that domain, or only for a system- admin?I think it should just take any user/password combination and return OK if the user exists or ERROR, then exit. If you need to login to find out if a user exists programs will have to have login credentials in the script. Not a good idea.
so are you asking about "does this mailbox exist, yes or no", or are you asking about "is this the correct password for this mailbox, yes or no"?
if it's a simple existence check, do you want that information available to any client who connects to the service? especially if you are running the service on a non-localhost interface (or on 0.0.0.0) and aren't using a tcpserver access control file?
i'm not against it, i just think if we're going to add something like this, the documentation for creating a vpopmaild service should mention, very prominently, that this information is exposed to anybody who connects and that the user (system administrator setting up the service) should either run the service on 127.0.0.1 (as i do), or should have a tcpserver access control file which only allows authorized machines to connect.
http://qmail.jms1.net/patches/vpopmail.htmlI haven't been able to access the SourceForge CVS server for the last two days. I think they may have changed the rules, and may have found what I need to do in the docs... which is what I was doing when I stopped to answer these messages.I'll try to have this in 5.5 within a few days. I still need to see just what is different between 5.4 and 5.5.
it just occurred to me, i had never looked at the list of "developers" for the sourceforge page, i figured it was just inter7 people. i didn't realize you were able to commit code (when the CVS servers are working)... coolness.
-------------------------------------------------- | John M. Simpson - KG4ZOW - Programmer At Large | | http://www.jms1.net/ <[EMAIL PROTECTED]> | -------------------------------------------------- | Mac OS X proves that it's easier to make UNIX | | pretty than it is to make Windows secure. | --------------------------------------------------
PGP.sig
Description: This is a digitally signed message part
