http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5184

           Summary: sql-based bayes and awl storage requires privileged
                    access to db
           Product: Spamassassin
           Version: 3.1.7
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P5
         Component: Learner
        AssignedTo: [email protected]
        ReportedBy: [EMAIL PROTECTED]


It's possible that I've missed some important bit of configuration here, in
which case, consider this a bug against documentation.

AIUI, the recommended storage engine for Bayes data is now SQL; however, this
requires full SELECT, UPDATE, INSERT, DELETE access to the bayes tables. This
means that, to allow users to run their own Bayesian learning, they must have
access to the entire table, which allows them to both see, and worse, alter,
other users' data. Similar problems occur for SQL-based AWL storage.

I'm not sure what the ideal fix for this would be, but one thought is that
learning could be supported by spamd. Then the SQL password could be stored in a
file only readable by the user running spamd. This would also have the
advantageous side-effect of speeding up learning.



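Added example, not part of the original report and not SpamAssassin code: a sketch of the two access models the report contrasts, using an in-memory SQLite database. The reduced `bayes_vars`/`bayes_token` schema, the plain-text tokens, and the names `direct_learn` and `LearnBroker` are assumptions made for illustration.

```python
import sqlite3

# Simplified stand-in for the shared Bayes tables (assumed, reduced schema;
# not the project's shipped DDL). Tokens here are constructed sample strings.
SCHEMA = """
CREATE TABLE bayes_vars (id INTEGER PRIMARY KEY, username TEXT UNIQUE);
CREATE TABLE bayes_token (id INTEGER, token TEXT, spam_count INTEGER DEFAULT 0,
                          ham_count INTEGER DEFAULT 0, PRIMARY KEY (id, token));
"""

def open_store():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def direct_learn(conn, owner_id, token, is_spam):
    """Before: every user holds the DB credential, so owner_id is whatever
    the caller supplies; nothing ties it to the caller's identity."""
    col = "spam_count" if is_spam else "ham_count"  # fixed set, not user input
    conn.execute("INSERT OR IGNORE INTO bayes_token (id, token) VALUES (?, ?)",
                 (owner_id, token))
    conn.execute(f"UPDATE bayes_token SET {col} = {col} + 1 "
                 "WHERE id = ? AND token = ?", (owner_id, token))

class LearnBroker:
    """After: a daemon-side object is the only holder of the connection and
    derives the row owner from the already-authenticated username."""
    def __init__(self, conn):
        self._conn = conn

    def _owner_id(self, username):
        self._conn.execute("INSERT OR IGNORE INTO bayes_vars (username) VALUES (?)",
                           (username,))
        return self._conn.execute("SELECT id FROM bayes_vars WHERE username = ?",
                                  (username,)).fetchone()[0]

    def learn(self, authenticated_user, tokens, is_spam):
        owner = self._owner_id(authenticated_user)  # never taken from the client
        for tok in tokens:
            direct_learn(self._conn, owner, tok, is_spam)
        self._conn.commit()

    def counts(self, authenticated_user, token):
        row = self._conn.execute(
            "SELECT spam_count, ham_count FROM bayes_token WHERE id = ? AND token = ?",
            (self._owner_id(authenticated_user), token)).fetchone()
        return row or (0, 0)
```

In the brokered model the database account needs the same table-level privileges as before, but only the daemon's account holds them, so the owner id in every statement is chosen by the daemon rather than by the user.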