Hi everybody,
I'm running roundcube on a shared webserver of a hosting service, which brings a question to my mind concerning security: The hosting provider gives login credentials to its customers, which are all hosted at the same domain (e.g. customer12@provider.com). As roundcube allows direct login to IMAP accounts, I am afraid that other customers are able to log in to "my" roundcube installation with their email address, e.g. customer256@provider.com.
Is it possible to protect a roundcube installation so that only specified logins are enabled? So I want to be able to log in with my account customer12@provider.com but want to prevent other customers of the same domain @provider.com from using roundcube. Simply I would do this with a .htaccess file, but a more elegant way would be preferable, I guess.
Thank you! Bea
On Mon, 04 Jul 2011 20:15:52 +0200, Whizart <Whizart@gmx.de> wrote:
> Hi everybody,
> I'm running roundcube on a shared webserver of a hosting service, which brings a question to my mind concerning security: The hosting provider gives login credentials to its customers, which are all hosted at the same domain (e.g. customer12@provider.com). As roundcube allows direct login to IMAP accounts, I am afraid that other customers are able to log in to "my" roundcube installation with their email address, e.g. customer256@provider.com.
> Is it possible to protect a roundcube installation so that only specified logins are enabled?
Are you worried about unwanted bogging down your rented server to get to their IMAP boxes?
How about: give your RC installation some unlikely URL and tell your authorized users not to share the URL.
If the other customers cannot guess the Round Cube installation's URL, they cannot use it.
If you are really worried about it, you might want to check into purchasing a static IP address for your slice of the VPS. The cost of my VPS is quite reasonable and it includes its own static IP address that is unique to my slice.
On 04.07.2011 20:15, Whizart wrote:
> Is it possible to protect a roundcube installation so that only specified logins are enabled?
Read about 'auto_create_user' option.
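
The `auto_create_user` option named in the reply above, shown as an added configuration example that is not part of the original thread. It assumes the 2011-era `config/main.inc.php` layout and the asker's address `customer12@provider.com`.

```php
<?php
// Added example, not taken from the thread.
// Written for config/main.inc.php as used by Roundcube in 2011.
// Roundcube 1.0 and later use config/config.inc.php and $config[...]
// in place of $rcmail_config[...].

// Step 1 (temporary): the default setting.
// Any mailbox that authenticates against the IMAP server gets a row in
// Roundcube's local users table on its first login, so
// customer256@provider.com could use this installation as well.
// $rcmail_config['auto_create_user'] = true;

// Step 2: log in once as customer12@provider.com so that this account's
// row exists in the users table.

// Step 3 (permanent): stop creating local users at login.
// From now on only accounts already present in the users table are
// accepted; any other @provider.com address is refused by Roundcube
// even when its IMAP password is correct.
$rcmail_config['auto_create_user'] = false;
```

The setting only limits who can use this Roundcube installation; the other customers' mailboxes stay reachable through the provider's IMAP server as before.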