Hi Dirk,
I thought a little more about this.
Couple of questions to try to track it down:
session type: get or cookies - (does the url contain kp3=uwq89qcj29h7f)
do the effected user/s login to other accounts?
accounts system used? sql or ldap?
This info *might* help me track it down. If it is a security problem, I
will ensure it is fixed quicky, but first we need to know where to go
hunting and what test env is needed.
On Fri, 2004-09-24 at 22:11, Dirk H. Schulz wrote:
> Hi,
>
> --On Freitag, 24. September 2004 8:57 Uhr +0000 Guillaume Courtois
> <address@hidden> wrote:
>
> >> I am using 0.9.14.007 and have a security problem: Sometimes one
> >> user is shown some emails from the account of a different user -
> >> instead of his own emails. It is not reproducable, but it happens.
> >> I even managed to get a screenshot from that - so it is not a short
> >> time impression that can be wrong.
> >>
> >> Is this a known bug? Is it fixed in 0.9.16?
> >
> > Never heard of that ! I'm using phpGW for my everyday mail, and I've
> > never had this problem.
>
> The same with me. I never had this before, and I only have it in one
> certain instance of phpgroupware and with one pair of accounts. But
> since email app uses the courier imap server and since all is fine if
> I use this imap server via a classic MUA I think it must be a
> phpgroupware related problem.
>
> >
> > Maybe check the permissions of the mailbox files ? On what platform
> > do you have this ?
>
> Yes, I have checked these. But thinking of what I said above I think
> the problem cannot be with the underlying mail system. I think that
> phpgw somehow uses the login credentials of one account while I am
> logged in to the other account.
>
> That is really strange. But it is quite a security problem if it is not
> some kind of stupidity on my part.
>
> Does anyone have any idea on how to verify this?
>
--
Dave Hall (aka skwashd)
API Coordinator
phpGroupWare
_______________________________________________
Phpgroupware-users mailing list
address@hidden
http://lists.gnu.org/mailman/listinfo/phpgroupware-users