[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Re: NeoMail 1.25
- Subject: Re: [cobalt-users] Re: NeoMail 1.25
- From: David Thurman <dthurman@xxxxxxxxxxxxxxxxxxxx>
- Date: Fri Sep 21 09:33:41 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
on 9-21-01 4:55 PM, Revd leonard payne at vicarage@xxxxxxxxxxxxxx was
reported to have made a statement that said this:
> on 21/9/01 1:44 PM, Joe Boise at my_hidden_email@xxxxxxxxx mumbled something
> like:
>
>> I just installed the NeoMail 1.25 and was testing
>> the program and found what I think is a bug.
>> John Doe who runs www.site1.com can login via
>> another site on the same server (for example
>> www.site2.com/neomail/). Then John enters his
>> username/password combo (for site1) and he is
>> granted access even though he is not associated
>> with www.site2.com. It looks like John can now
>> send messages as john@xxxxxxxxxx
>>
>> This seems this might be a security issues to me?
>>
>> Anyone else notice this?
>
>
>
> This is not a bug it is a feature.
>
> According to the gospel according to Cobalt, you can only use the same user
> once per box - rather than once per virtual site. Therefore logging on via
> another site would work. It still hits the same POP engine it seems to me (a
> linux novice)
>
> I reckon the same would happen if you used a regular POP client.
> Give it a try and post again - or shoot me down .
>
>
> Blessings
>
> Revd Leonard
>
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>
I just tested your theory with mail client on my Mac using a different email
address then what is assigned to the username.
You win a cookie. It worked.
--
Thank you,
David E Thurman
Web Presence Group
309.676.5688
dthurman@xxxxxxxxxxxxxxxxxxxx
http://www.webpresencegroup.net