[prev in list] [next in list] [prev in thread] [next in thread]
List: kolab-devel
Subject: Re: [Kolab-devel] custom Kolab 2.2 patch adding new features for
From: Martin Konold <martin.konold () erfrakon ! de>
Date: 2009-03-10 12:45:55
Message-ID: 200903101345.56260.martin.konold () erfrakon ! de
[Download RAW message or body]
Am Dienstag, 10. März 2009 10:36:15 schrieb Martin Zapfl:
> This is just a security feature for webadmin. As access to kolab webadmin
> may be public a login with e-mail address and weak password for others is
> possible. Therefor login access may be restricted for logging in only with
> UID.
>
> It can be enabled or disabled in
> /kolab/var/kolab/php/admin/include/config.php
So the idea is that it is easier to guess the email address than the uid which
is supposed to provide extra security?
(Actually the security should be gained by a hard to guess password(*) instead
of a hard to guess uid/email-address!?)
Regards,
-- martin
(*) I would prever a patch which helps to enforce strong passwords compared to
the feature to "disable email-address" for login.
--
e r f r a k o n
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
Sitz: Adolfstraße 23, 70469 Stuttgart, Partnerschaftsregister Stuttgart PR 126
http://www.erfrakon.com/
_______________________________________________
Kolab-devel mailing list
Kolab-devel@kolab.org
https://kolab.org/mailman/listinfo/kolab-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic