james-server-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Noel J. Bergman" <n...@devtech.com>
Subject Local security issue?
Date Fri, 07 Jun 2002 19:47:54 GMT
Should we be warning admins that if the mail server has shell users or
network file visibility, they need to be sure to lock down the directory
containing the james logs, or at least the pop3server log?  The reason being
that all commands received are echoed to the log ... including the user's
password.

Alternatively, they could be told to change the logging level from DEBUG to
WARN.

Comments?

	--- Noel


--
To unsubscribe, e-mail:   <mailto:james-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:james-dev-help@jakarta.apache.org>


Mime
View raw message