james-server-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Hammant <Paul_Hamm...@yahoo.com>
Subject Re: Local security issue?
Date Fri, 07 Jun 2002 20:53:06 GMT
Noel,

Perhaps passwords shouldnot be echoed to the log. ***** instead ?

-ph

>Should we be warning admins that if the mail server has shell users or
>network file visibility, they need to be sure to lock down the directory
>containing the james logs, or at least the pop3server log?  The reason being
>that all commands received are echoed to the log ... including the user's
>password.
>
>Alternatively, they could be told to change the logging level from DEBUG to
>WARN.
>
>Comments?
>
>	--- Noel
>
>
>--
>To unsubscribe, e-mail:   <mailto:james-dev-unsubscribe@jakarta.apache.org>
>For additional commands, e-mail: <mailto:james-dev-help@jakarta.apache.org>
>
>
>
>  
>




--
To unsubscribe, e-mail:   <mailto:james-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:james-dev-help@jakarta.apache.org>


Mime
View raw message