Yes, it uses ftp for both its file manager and for its email rules - not sure why yet on the email rules as I haven't got that far into the code yet.
And before Sherpath is a real good fit for SME it does need another authentication method, PAM preferred. But several changes that I suggested to the Sherpath team were in a new release several days later, so it looks like they are willing to work with others to make a better product. And it looks like it is "skinnable", so I can make it look very much like Outlook for a client if I want to take the time to do it.

Darrell May wrote:

>Brandon Friedman <[EMAIL PROTECTED]> said:
>
>>Has anybody installed this on SME?
>>
>>It's needed by Sherpath to use the SMS functions?
>>
>
>Brandon I know you are spending a lot of time looking at Sherpath. I have
>only had time to take a brief look but I did notice a few things of concern:
>
>- it appears to require ftp enabled for its file management. This is
>insecure and the main reason ftp is disabled under SME by default.
>
>- it appears to authenticate users via an admin defined MySQL database
>table. I.e. it does not appear to tie into or use any existing SME system for
>authentication.
>
>Has anyone else taken a further look at these security issues?
>
>Again I have not had time to look into the code. Maybe it is safe but at
>this point I at least wanted to voice these concerns for devinfo discussion,
>so comments are welcomed from those that have taken a deeper look.
>
>Regards,
>
>--
>Darrell May
>DMC Netsourced.com
>http://netsourced.com
>http://myEZserver.com
>
>--
>Please report bugs to [EMAIL PROTECTED]
>Please mail [EMAIL PROTECTED] (only) to discuss security issues
>Support for registered customers and partners to [EMAIL PROTECTED]
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org