[Dovecot] Webmail Recommendation

Stephen Warren swarren at wwwdotorg.org
Fri Jan 11 06:00:30 EET 2008


Peter Eriksson wrote:
> All the suggested ones have just one big FAT problem - they are all 
> written in that security bug ridden language that the hackers just 
> love to exploit - PHP. Running a web application available to the 
> whole wide internet written in PHP is just asking for someone to break 
> into your
> systems.

This can be pretty easily solved - configure your web server to require 
HTTP authentication for the location where the PHP script is, configure 
the web server to use the same authentication source as webmail, and 
hack webmail to pick up the authentication from the web server instead 
of presenting a login prompt.

Pretty easy with apache and LDAP-based users, and squirrelmail at least...

But, if you don't do this, I totally agree.


More information about the dovecot mailing list