In <[EMAIL PROTECTED]>, on 01/01/00 at
12:00 AM,
"Chris Maccioli" <[EMAIL PROTECTED]> said:
>As far as the gentleman who wrote the ODBC dll, what changes has he made,
>does it reconnect if the connection is lost? What still doesn't work?
Chris,
It does reconnect if the connection is lost. It also properly handles
simultaneous auth requests and fixes a serious security problem with SQL
server and IMail.
All issues are resolved with the 22-May version and IMail is performing
better than ever (but only 2500 users so far).
Let me try to put the security problem in perspective if you haven't
installed the fix:
YOU ARE VULNERABLE IF YOU RUN IMAIL+SQL SERVER!
At best someone could keep nuking your user database and you would be
able to keep reloading from your database backup until you install a fix.
At worst if IMail accesses SQL server through a privileged account
(very common setup), someone could easily own your machine within 30
seconds and not leave a trace that they were ever there. They would be
able to do anything they want from then on.
--
-----------------------------------------------------------
Mike Nice <[EMAIL PROTECTED]>
-----------------------------------------------------------
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
