24 Apr
2014
24 Apr
'14
12:52 a.m.
Reindl Harald:
that attacks are not relevant for email because they rely on the way a webbrowser works which is not the case for a mail client - you can't trigger XSS and Ajax in a MUA
sure, that may be right, but
We manage numerous public available services. And every time we go through our
Qualys reports I have to explain this message from Qualys as not
relevant/harmless/cannot change.
It takes time to describe this fact again and again to our it-security people.
And there are many other people in the same situation like me... That's my main intention to ask how to disable ssl compression in dovecot.
Andreas