On 12/28/2012 03:09 PM, Benny Pedersen wrote:
Reindl Harald skrev den 2012-12-28 20:37:
in the docroot configuration independent of any script running on the host
start dokumenting it in ticket if its security problems in roundcube, no need to be flameing personly
It is an interesting question, should this behaviour be default? It seems that Roundcube works from a default non-secured senario and expects those that want to secure it to know what to do.
I suspect you can open as many tickets as you choose, the developers will most likely NOT take a secure by default posture.
We (the security area in the IETF) have worked on this for years to get basic default security into protocol and application design. It is tilting at windmills.
should not be impossible to do from geeks :)
Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users