 AfterLogic Forum : AfterLogic WebMail Pro
Subject Topic: vulnerability?
myself
Newbie

Joined: 10 February 2011
Location: United Kingdom
Posts: 10
Posted: 11 February 2011 at 3:34am

New to AL WebMail and no expert in web site security, but I am surprised to see
that AL Webmail keeps a lot of executable code in the root web directory. Is
this not one big fat security vulnerability?

For example, I can point my browser to http://email.<domain> and get the regular
log-on screen. Nice. I can also point it to http://email.<domain>/COPYRIGHT and
get the copyright notice, etc.

I understand how .htaccess protects subdirectories. I am concerned about the
root folder.

Which steps did I miss to secure my installation?
Igor
AfterLogic Support

Joined: 24 June 2008
Location: United States
Posts: 6104
Posted: 11 February 2011 at 4:14am

I totally agree that it's wise to have one entry point (index.php) in the root dir. The problem is we didn't
use this approach initially, and now that the product has significantly evolved, it would take a huge
amount of effort to refactor all the code to suit the idea. On the other hand, there were too many files
in the root dir of older versions, and we had to do something about it. So we took the path of the golden
mean: we only kept the files which are directly requested in a browser in particular situations. There
are some other files like COPYRIGHT, but we don't think that direct access to them is a big problem.

--
Regards,
Igor, AfterLogic Support
myself
Newbie

Joined: 10 February 2011
Location: United Kingdom
Posts: 10
Posted: 11 February 2011 at 5:33am

Ouch. I'll need to review exactly what is exposed in this manner. Hopefully I can
agree with you in that it is benign. Working on it...
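
An added example, not part of the thread and not AfterLogic code: one way to run the review mentioned in the last post, listing which top-level files in a web root can be requested directly and which subdirectories have no deny rule in their .htaccess. The extension list, the function names and the `helper.php`, `data` and `skins` names in the sample tree are assumptions made for illustration.

```python
import os
import re
import tempfile

# Assumption: extensions the server hands to an interpreter; match your handler config.
EXECUTABLE_EXT = {".php", ".phtml", ".php5", ".cgi", ".pl"}
# Apache 2.2 "Deny from all" or Apache 2.4 "Require all denied", not commented out.
DENY_RE = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$", re.I | re.M)

def audit_webroot(root, entry_points=("index.php",)):
    """Return (exposed_scripts, exposed_other, unprotected_dirs) for the top level of root."""
    scripts, other, open_dirs = [], [], []
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name)
        if os.path.isdir(path):
            # Static check only: the rule is honoured only if AllowOverride permits it.
            ht = os.path.join(path, ".htaccess")
            denied = False
            if os.path.isfile(ht):
                with open(ht, encoding="utf-8", errors="replace") as fh:
                    denied = bool(DENY_RE.search(fh.read()))
            if not denied:
                open_dirs.append(name)
        elif name.startswith(".ht"):
            continue  # the stock Apache httpd.conf refuses to serve .ht* files
        elif os.path.splitext(name)[1].lower() in EXECUTABLE_EXT:
            if name not in entry_points:
                scripts.append(name)  # script reachable without passing the entry point
        else:
            other.append(name)  # static file served as-is, e.g. COPYRIGHT
    return scripts, other, open_dirs

def demo():
    """Audit a constructed sample tree (not AfterLogic's real file layout)."""
    with tempfile.TemporaryDirectory() as root:
        for f in ("index.php", "helper.php", "COPYRIGHT", ".htaccess"):
            open(os.path.join(root, f), "w").close()
        for d, rule in (("data", "Deny from all\n"), ("skins", None)):
            os.mkdir(os.path.join(root, d))
            if rule:
                with open(os.path.join(root, d, ".htaccess"), "w") as fh:
                    fh.write(rule)
        return audit_webroot(root)

if __name__ == "__main__":
    print(demo())
```

Each name in the first list is a script to read for what it does when requested on its own; the third list shows directories that rely on something other than a local deny rule.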