Don't blame Fritz for not answering. I think "what" is asked is the very reason it is impossible to answer.
Of course there is a chance ASSP could be compromised, as with any software that is connected. I think the real question should not be "could it ever?", as much as, "if it ever?" Is it reasonable to think that ASSP could be fixed in a timely manner if compromised? I think the level of involvement in the project is a good indicator that yes, it is reasonable to assume that if there was a security hole found it would be fixed relatively quickly. (This has happened in ASSP history: v0.3.3 and v1.2.4 both had security updates released within days of discovery, though neither one would have allowed the server to be compromised.)

As far as "what is the worst case?", there is no way to know 100%, but that is the case with any software, hence Fritz's hesitancy to answer the question. There is no way to be 100% sure, but by understanding what ASSP does one can make some assumptions based on normal operating conditions. This of course doesn't account for incorrectly configured servers and firewalls, which is the major source of most security problems.

So, as I stated before, ASSP being a proxy limits what can be done to an email and it be effective to exploit ASSP. ASSP also adheres to all applicable RFC standards for email; this in itself makes it more secure than some other software. If your server is properly configured there should only be limited secure access to the web interface, and ASSP should be running in a secure space on your server; this will make it more difficult for someone to "root kit" your server even if ASSP were to be somehow compromised.

So to not answer your question :-) ASSP is secure. As secure as any mature, well-reviewed, tested, widely used, server-based application connected to the Internet can be. Which of course is another question entirely as to how secure that is!

Ged

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Charles Marcus
Sent: Friday, January 26, 2007 9:33 AM
To: Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
Subject: Re: [Assp-user] Questions regarding code-quality and (in)security of ASSP...

Fritz Borgstedt wrote:
>> Could ASSP ever
> Please refrain from this time wasting discussion. I cannot answer it
> honestly, that is why this was "asked". I actually consider this a
> smear attack and think it is proving that ASSP is far ahead now ))).

I'm disappointed, Fritz. I thought it was - and still is - a valid question.

--
Best regards,
Charles

_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user
