On 06.01.2013 23:51, Geert Wirken wrote:
> On 01/06/2013 06:55 PM, Reindl Harald wrote:
>> then it is a bug
>>
>> includes have to make sure that they are NEVER called directly
>>
>> especially if they are throwing errors which may lead to a DOS
>> attack by filling the filesystem with logs and if someone has good
>> reportings the mailserver too
>
> We're talking about a script in the /installation/ directory which
> should be removed after installing Roundcube, which makes the
> probability of a successful DoS attack significantly smaller...

a bug is a bug

you can hope everybody removes /installation/ or make it secure
by design - what do you think is the better choice?

most users of any software still have no knowledge at all
this was always so and will not change in the near future

_______________________________________________
Roundcube Development discussion mailing list
[email protected]
http://lists.roundcube.net/mailman/listinfo/dev
