Geo Carncross wrote: > SQL injection is only one kind of attack- if DBMail can be controlled by > other means, a user (perhaps: an anonymous one) might have access to > _all_ mail, and might have access to damage all mail.
Amen. Like how many users have their dbmail.conf world-readable? Perhaps dbmail should simply refuse to operate if dbmail.conf is opened up too wide. -- ________________________________________________________________ Paul Stevens paul at nfg.nl NET FACILITIES GROUP GPG/PGP: 1024D/11F8CD31 The Netherlands________________________________http://www.nfg.nl
