[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
imap4d LIST and DELETE
From: |
Sergey Poznyakoff |
Subject: |
imap4d LIST and DELETE |
Date: |
Tue, 22 May 2001 13:55:11 +0300 |
Is it right that issuing command
a002 LIST "/" *
a user can receive the *whole* directory hierarchy on the server? The
rfc2060 seems to be somehow misty about it, but it seems to be
a security compromise... Another security question: issuing
a002 DELETE filename
deletes the `filename' even if it is not a valid maildrop. Is IMAP4
supposed to operate on any regular files or just on maildrops? Maybe
we would be better off restricting the critical operations (like DELETE)
to valid maildrops only?
Cheers,
Sergey