[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Phpgroupware-users] emails from other account to be seen
From: |
Dave Hall |
Subject: |
Re: [Phpgroupware-users] emails from other account to be seen |
Date: |
Fri, 24 Sep 2004 22:19:22 +1000 |
Hi Dirk,
I thought a little more about this.
Couple of questions to try to track it down:
session type: get or cookies - (does the url contain kp3=uwq89qcj29h7f)
do the effected user/s login to other accounts?
accounts system used? sql or ldap?
This info *might* help me track it down. If it is a security problem, I
will ensure it is fixed quicky, but first we need to know where to go
hunting and what test env is needed.
On Fri, 2004-09-24 at 22:11, Dirk H. Schulz wrote:
> Hi,
>
> --On Freitag, 24. September 2004 8:57 Uhr +0000 Guillaume Courtois
> <address@hidden> wrote:
>
> >> I am using 0.9.14.007 and have a security problem: Sometimes one user is
> >> shown some emails from the account of a different user - instead of his
> >> own emails. It is not reproducable, but it happens. I even managed to
> >> get a screenshot from that - so it is not a short time impression that
> >> can be wrong.
> >>
> >> Is this a known bug? Is it fixed in 0.9.16?
> >
> > Never heard of that ! I'm using phpGW for my everyday mail, and I've
> > never had this problem.
>
> The same with me. I never had this before, and I only have it in one
> certain instance of phpgroupware and with one pair of accounts. But since
> email app uses the courier imap server and since all is fine if I use this
> imap server via a classic MUA I think it must be a phpgroupware related
> problem.
>
> >
> > Maybe check the permissions of the mailbox files ? On what platform do you
> > have this ?
>
> Yes, I have checked these. But thinking of what I said above I think the
> problem cannot be with the underlying mail system. I think that phpgw
> somehow uses the login credentials of one account while I am logged in to
> the other account.
>
> That is really strange. But it is quite a security problem if it is not
> some kind of stupidity on my part.
>
> Does anyone have any idea on how to verify this?
>
--
Dave Hall (aka skwashd)
API Coordinator
phpGroupWare
Re: [Phpgroupware-users] emails from other account to be seen, Brian Johnson, 2004/09/24
Re: [Phpgroupware-users] emails from other account to be seen, Guillaume Courtois, 2004/09/24