Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Gentoo>
  3. User
a SECURE webmail
faccenda at gmx
Oct 1, 2004, 11:14 AM
Post #1 of 6 (793 views)
Permalink
Hi all,

I need to install a webmail and it's first requisite is to be SECURE.

I know IMP, Squirrelmail and lot more... but I just don't know which one
is more secure than other...

Is there a webmail project that has security as a priority?

[]'s
Mauro


--
gentoo-user@gentoo.org mailing list
Re: a SECURE webmail [ In reply to ]
norberto+gentoo-user at bensa
Oct 1, 2004, 11:17 AM
Post #2 of 6 (789 views)
Permalink
Mauro Faccenda wrote:
> I need to install a webmail and it's first requisite is to be SECURE.

Define SECURE.

If you need encryption, use SSL.

--
gentoo-user@gentoo.org mailing list
Re: a SECURE webmail [ In reply to ]
faccenda at gmx
Oct 1, 2004, 12:19 PM
Post #3 of 6 (788 views)
Permalink
Norberto Bensa wrote:
> Mauro Faccenda wrote:
>
>>I need to install a webmail and it's first requisite is to be SECURE.
>
>
> Define SECURE.
>
> If you need encryption, use SSL.

I meant that it hasn't security holes (or if it has, the development
team, fixes it quickly).
Not only the fact of using encrypted data transfers. It isn't a webmail
'feature'.

--
gentoo-user@gentoo.org mailing list
Re: a SECURE webmail [ In reply to ]
sgtphou at fire-eyes
Oct 1, 2004, 12:25 PM
Post #4 of 6 (792 views)
Permalink
On Fri, 2004-10-01 at 15:14 -0300, Mauro Faccenda wrote:
> Hi all,
>
> I need to install a webmail and it's first requisite is to be SECURE.
>
> I know IMP, Squirrelmail and lot more... but I just don't know which one
> is more secure than other...
>
> Is there a webmail project that has security as a priority?

Unfortunately, "webmail" and "security" are polar opposites. I don't
know of a way to operate such a system, and not further open yourself up
to problems. Just my thoughts.

I guess if I were forced to, I would make sure to run apache as strictly
as possible (chroot and all that), use SSL only, and run it on a non-
standard port.



--
gentoo-user@gentoo.org mailing list
Re: a SECURE webmail [ In reply to ]
billy at gonoph
Oct 1, 2004, 12:32 PM
Post #5 of 6 (792 views)
Permalink
Mauro Faccenda wrote:

> I meant that it hasn't security holes (or if it has, the development
> team, fixes it quickly).
> Not only the fact of using encrypted data transfers. It isn't a webmail
> 'feature'.

I doubt you'll find a secure webmail, though I'm sure there are some
that don't have as many incident reports.

However, the lack of incidents or flaws may mean it's more "secure", or
it may mean that (1) not enough people are looking at the code to find
them, (2) it's too messy of code for people to understand it.

I've enjoyed sqwebmail, but it's been years since I've used it. I know
of several commercial hosting companies that offer sqwebmail to their
hosting customers (if you're looking for affirmation from commercial usage).

--
gentoo-user@gentoo.org mailing list
Re: a SECURE webmail [ In reply to ]
haimat at lame
Oct 4, 2004, 5:06 AM
Post #6 of 6 (789 views)
Permalink
---------- quoting Mauro Faccenda ----------
> I meant that it hasn't security holes (or if it has, the development
> team, fixes it quickly).

I would say the Squirrelmail devs are very quick in fixing errors, when
it's posted to bugtraq or similar. I use it and had no problems so far...

Greetings, Matthias

--
I'm not a bad guy. I work hard and I love my kids. So why should I spend
half my Sunday hearing about how I'm going to Hell?

-- Homer Simpson
Homer the Heretic

--
gentoo-user@gentoo.org mailing list

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal