
Re: [cobalt-users] Virtusertable, SiteAdmins and accept-email-for-domain...



Jan Tietze wrote:

> Alright, but the real issue here is that not adding such an error redirection
> automatically whilst providing site administrators with the infamous
> "accept-email-for-domain" checkbox leads to a possible security compromise,
> which in reality means that I can be anyone I want *in another domain* on the
> same RaQ3. Also, reporting the error can be done directly by a mapping in the
> virtusertable (map to "error:No such user for this domain") using custom error
> messages.

We've never had the problem.  Of course we've never used "real"
usernames; all our usernames on our RaQ2 are codes.  On our RaQ3 we do
use real user names (we use it as a mail-server for several ISPs), but
we have full control over what can and can't be created, and we have an
error message set up for each ISP.

I was not aware that the behavior of 8.9.3 differed from that in 8.8.x
(as detailed in the O'Reilly book), thanks, Robert, for that
information.

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
nobaloney.net
P. O. Box 52672
Riverside, CA  92517
voice: (909) 787-8589  *  fax: (909) 782-0205
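
Added example, not part of the original messages and not Cobalt's or sendmail's own code: a small audit of a sendmail virtusertable that reports, per hosted domain, whether an `@domain` catch-all mapped to an `error:` target (the mapping described in the quoted message) is present. The domains, user names and the function names `parse_virtusertable` and `audit_catch_alls` are constructed for illustration.

```python
# Audit a sendmail virtusertable for domains without an error catch-all.
# All domains and users in the sample are constructed, not from a real server.

SAMPLE_VIRTUSERTABLE = """\
# constructed sample
info@example-a.test      alice
sales@example-a.test     bob
@example-a.test          error:No such user for this domain
info@example-b.test      carol
webmaster@example-c.test dave
@example-c.test          dave
"""

def parse_virtusertable(text):
    """Return (key, value) pairs, skipping blank lines and # comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # malformed line with no right-hand side
        entries.append((parts[0].lower(), parts[1].strip()))
    return entries

def audit_catch_alls(text):
    """Map each domain to 'ok', 'missing' or 'delivers'."""
    domains = set()
    catch_all = {}
    for key, value in parse_virtusertable(text):
        local, sep, domain = key.rpartition("@")
        if not sep or not domain:
            continue  # key is not an address or @domain entry
        domains.add(domain)
        if local == "":
            catch_all[domain] = value  # "@domain" catch-all entry
    result = {}
    for domain in sorted(domains):
        if domain not in catch_all:
            result[domain] = "missing"    # unknown recipients are not rejected by the table
        elif catch_all[domain].lower().startswith("error:"):
            result[domain] = "ok"         # unknown recipients get the error message
        else:
            result[domain] = "delivers"   # catch-all hands mail to a mailbox instead
    return result

if __name__ == "__main__":
    for domain, status in audit_catch_alls(SAMPLE_VIRTUSERTABLE).items():
        print(f"{domain}: {status}")
```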