On Mon, 04 Jul 2011 20:15:52 +0200, Whizart Whizart@gmx.de wrote:
Hi everybody,
I'm running roundcube on a shared webserver of a hosting service which brings a question to my mind concerning security: The hosting provider gives login credentials to its customers which are all hosted at the same domain (e.g. customer12@provider.com). As roundcube allows direct login to IMAP accounts I am afraid that other customers are able to login to "my" roundcube installation with their email-adress e.g. customer256@provider.com.
Is it possible to protect a roundcube installation so that only specified logins are enabled?
Are you worried about unwanted bogging down your rented server to get to their IMAP boxes?
How about: give your RC installation some unlikely URL and tell your authorized users not to share the URL.
If the other customers cannot guess the Round Cube installation's URL, they cannot use it.