
RE: [cobalt-users] Severe Security Problem Between Sites



> 3. Mail to wrong account
>
> If you set up additional domains within a virtual site (thus VirtualHosts
> in httpd), and enable mail for these domains, you may wonder that yet no
> mail is addressable for these domains, except to names which are users
> on the Cobalt! Having a user "u1" which actually belongs to domain1.tld
> and a VirtualHost domain2.tld - a mail to u1@xxxxxxxxxxx would go to u1
> of domain1.tld! Imagine, if u1 is something common like "webmaster" or
> "michael".
>
> It's easy to fix, just add the right catch-all rules to the
> /etc/virtuserlist. But again, you break the UI-only admin advantage of
> the Cobalt.
>
Just don't set up common names for user ids. Use your first example, user1
for site1 and use aliases for the real email address such as
webmaster@xxxxxxxxxxxx. This occurs on any virtual host setup with Linux that
I've seen.

--
Dan Kriwitsky
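
Added example (not part of the original thread): a small audit for the fall-through discussed above, listing addresses on one site's domain that would land in another site's local account because the domain has no catch-all entry. It assumes a sendmail-style table of `address target` lines with `@domain target` as the catch-all; the function names, the account-to-site map and all sample data are hypothetical.

```python
# Added example: all users, domains and table lines are constructed samples.
SAMPLE_TABLE = """
webmaster@domain1.tld   webmaster
@domain1.tld            error:nouser User unknown
info@domain2.tld        user2
"""
OWNERS = {"webmaster": "domain1.tld", "user2": "domain2.tld"}  # account -> its site
DOMAINS = ["domain1.tld", "domain2.tld"]

def parse_table(text):
    """Parse 'key<whitespace>target' lines into {key: target}."""
    table = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            table[parts[0].lower()] = parts[1].strip()
    return table

def resolve(address, table, local_users):
    """Return (recipient, rule): exact entry, then catch-all, then local account."""
    address = address.lower()
    local, domain = address.rsplit("@", 1)
    if address in table:
        return table[address], "exact"
    if "@" + domain in table:
        return table["@" + domain], "catch-all"
    if local in local_users:
        return local, "local-fallthrough"  # the misdelivery described above
    return None, "unknown-user"

def audit(domains, owners, table):
    """List (address, recipient, recipient's site) for every cross-site fall-through."""
    findings = []
    for domain in domains:
        for user, home in sorted(owners.items()):
            if home == domain:
                continue
            address = f"{user}@{domain}"
            recipient, rule = resolve(address, table, owners)
            if rule == "local-fallthrough":
                findings.append((address, recipient, home))
    return findings

if __name__ == "__main__":
    for address, recipient, home in audit(DOMAINS, OWNERS, parse_table(SAMPLE_TABLE)):
        print(f"{address} is delivered to local user {recipient!r} of {home}")
```

Adding a catch-all line for domain2.tld to the sample table empties the findings list.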