<disclaimer>If anyone thinks I should NOT be posting these weaknesses in this Forum,
speak up and I'll stop.  I'm just thinking that you might want to be aware of this stuff
before it hits you.</disclaimer>
 
There is a way to use the aforementioned embedded JavaScript thing to obtain the
username and password for any iMail Calendar users WITHOUT redirecting them to
another login screen.  I haven't tested this on the default templates, just KWM.  But
this is definitely an iMail issue with the way they handle security.  Just opening the
mail gets their username and password.
 
This is related to the fact that Calendaring has to run on a different port.  The security
context is transferred to the "new server" insecurely.
 
There is another way to do "humorous" things like change the forwarding address,
vacation settings, and the autoresponder for default template users (have not tested
this on KWM).  The classic worm virus model can also be implemented by opening
up the contacts pages with the same methods (I'm not touching that one, I have a
preference for freedom).
 
 
I'm taking it down if IPSwitch or any of the regulars here tell me to.  Personally, I'm
just going to load the messages from a different server, filter out HTML, display
it in a frame, and shut off web calendaring.
 
Thanks,
Norm
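
The mitigation described in the post above (filtering HTML out of messages before the webmail page displays them) could look like the following. This is an added example, not part of the original post or of IMail's code; `safe_body`, `html_to_text` and the sample message are constructed for illustration.

```python
import html
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

# Constructed sample: an HTML-only message carrying script and an event handler.
SAMPLE = (
    "MIME-Version: 1.0\n"
    "Content-Type: text/html; charset=utf-8\n"
    "\n"
    "<p>Hello <b>Norm</b></p><script>var x = 1;</script>"
    '<img src="cid:logo" onload="track()">\n'
)

class _TextOnly(HTMLParser):
    """Keeps visible text only; tags, attributes and script/style bodies are dropped."""
    SKIP = {"script", "style"}
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts, self._skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in self.SKIP:
            self._skip += 1          # an unclosed <script> hides the rest (fails closed)
        elif tag in ("br", "p", "div"):
            self.parts.append("\n")
    def handle_endtag(self, tag):
        if tag in self.SKIP and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.parts.append(data)

def html_to_text(markup):
    parser = _TextOnly()
    parser.feed(markup)
    parser.close()
    return "".join(parser.parts)

def safe_body(raw_message):
    """Return the message body as escaped plain text, safe to place in a page."""
    msg = message_from_string(raw_message, policy=default)
    # Prefer a text/plain part; fall back to HTML only when nothing else exists.
    part = msg.get_body(preferencelist=("plain", "html"))
    if part is None:
        return ""
    text = part.get_content()
    if part.get_content_type() == "text/html":
        text = html_to_text(text)
    # Escape after stripping so no markup from the message reaches the browser.
    return "<pre>" + html.escape(text.strip()) + "</pre>"
```

Because the output is escaped text rather than sanitized HTML, nothing in the message can run in the webmail page's origin, which is the property the post is after.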
 
 
