Hello Johan,
JA> Not quite. More like "someone inspects your free car and finds a button
JA> that can make it explode. Maybe he pushes the button, maybe not. Maybe he
JA> pushes the button on someone else's car". Are you willing to take that
JA> risk? I can imagine two situations where that would be the case: either
Well, there is no button with a text like "press me here" -))))) for
the public.
If we are talking about the security of a product, we have several
things to take a look at. Internal security (a mailserver-only
solution, mailserver+webserver, n mailservers, persons who access the
mail queue as root). External security. Buffer overflows, chroot
problems, jail problems, password problems. Design specific topics,
what is secure, what is not secure, what can be implemented, what is
not secure.
As root i can read all the messages in clear text, sendmail or qmail -
a security risk????? An attack to privacy? Or just a design problem?
Or is it not a design problem, its just normal?
Security is relative.
--
Boris
