LOEWENTHAL Simon wrote:
Hi there everyone,
I would like to know of any security precautions that should be implemented for SQ, such as exploitable directory permissions etc., I ask as I've installed SQ on our future webmail server and would like to make sure that its secure enough afore I let the world access.
1) ensure that you have minimum permissions on data directory necessary for SM to work. see docs/website.
2) think about making users log in with SSL (secure_login plugin)
3) if you use change password plugins, evaluate how secure they are (different for each plugin)
4) move data/attach dirs out of htdocs tree
5) not much else, at least in a standard installation... most security concerns depend on what plugins you are running methinks
6) evaluate if you want to tighten php security ala safe_mode, etc. - be aware of all implications before doing so
------------------------------------------------------- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php -- squirrelmail-users mailing list Posting Guidelines: http://squirrelmail.org/wiki/wiki.php?MailingListPostingGuidelines List Address: [EMAIL PROTECTED] List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
