[RCD] Update 0.9.1 released

A.L.E.C alec at alec.pl
Tue May 21 11:11:24 CEST 2013


On 05/21/2013 10:13 AM, Reindl Harald wrote:
>> - security
> 
> seriously?

Ok, this one was only for default PHP config. I'm not saying that PHP
session is less secure in general.

> you think you know more about security than me
> and how do secure vhosts - forget it!

No, I do not.

>> - scalability
> 
> this is a bad joke

but can you imagine two http servers using the same session (on another
machine)? or one http server using two db servers?

>> - no session file locking (parallel requests do not wait)
> 
> and no integrity and cleanups or how do you explain me the
> 5000 records in the session table on a server with a few
> users after some months?

Roundcube uses PHP's session garbage collector. If you disabled it then
it's your problem to clean old sessions. It of course might be a bug.

-- 
Aleksander 'A.L.E.C' Machniak
LAN Management System Developer [http://lms.org.pl]
Roundcube Webmail Developer  [http://roundcube.net]
---------------------------------------------------
PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl


More information about the dev mailing list