> ...a hacker who knows the operating system, in this case Windows, > can hack the interface, via the web browser, and gain total control > over a server - gaining everyone's e-mail address and password...
Er, no. A hacker _who can find vulnerabilities in the web interface_ that allow him/her to attempt to execute preinstalled local code and/or inject arbitrary code will be able to make such attempts using administrative privileges, giving such attempts nearly guaranteed success. But solely "know[ing] the operating system" does not mean you can "hack the interface" to make such attempts. While you have an underlying understanding of the issue, your way of expressing your concern is just FUD. Please disclose the known vulnerabilities in a working, up-to-date IMail/IIS installation with the highest Ipswitch-supported level of security that allow you to execute code of your choice in the context of the web server. --Sandy ------------------------------------ Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ To Unsubscribe: http://imailserver.com/support/discussion_list/ List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://imailserver.com/support/kb.html