Sigh. I guess that I have to answer this.
The statement that UW imapd is "insecurity [sic] by design (it was not
created with security in mind" is silly. That's like saying that scp and
ssh are "insecure by design" -- after all, you can do:
scp somesystem:/etc/passwd haha
to any system that gives you access.
Whenever you install any service which allows named access to files, you
have to review what that service's access control rules are and assume,
unless told otherwise, that only the operating system's access controls
are in effect.
With UW imapd, that assumption is correct. By default, only the operating
system's access controls are in effect. UW imapd adds no additional
access controls. If you want additional access controls in UW imapd over
and above what the operating system provides, you must add them. The FAQ
documents ways that this can be done.
For many systems, no additional access controls are needed or desired.
The web page FAQ documents some mechanisms for additional access controls
that are new in imap-2002. The FAQ was rewritten in HTML for imap-2002 (a
great relief to our web mistress who was getting tired of repeatedly
hacking the text FAQ into a form suitable for the web page!), and thus the
web page FAQ is slightly ahead of the release version. However, you can
get the current development snapshot of imap-2002 from:
ftp://ftp.cac.washington.edu/mail/imap-2002.DEV.tar.Z
The bit about Cygwin and \ checking is a Cygwin issue. \ is an ordinary
filename character in UNIX, not a directory delimiter. If Cygwin is to
emulate the UNIX environment under Windows it must emulate UNIX's \ as
well. It is not the responsibility of UNIX programs to know about Windows
directory delimiters.
There is a separate Windows port of the IMAP toolkit which does not use
Cygwin; instead, it uses native Windows and C library calls and uses the
Windows \ delimiter. However, as the documentation indicates, UW imapd
built for Windows is not intended as a plug-and-play Windows IMAP server
but rather as a basis for developing a Windows IMAP server.
-- Mark --
http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
