imap4d LIST and DELETE

From: Sergey Poznyakoff
Subject: imap4d LIST and DELETE
Date: Tue, 22 May 2001 13:55:11 +0300

Is it right that by issuing the command

  a002 LIST "/" *

a user can receive the *whole* directory hierarchy on the server? The
rfc2060 seems to be somehow misty about it, but it seems to be
a security compromise... Another security question: issuing

  a002 DELETE filename

deletes the `filename' even if it is not a valid maildrop. Is IMAP4
supposed to operate on any regular files or just on maildrops? Maybe
we would be better off restricting the critical operations (like DELETE)
to valid maildrops only?
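
One way to implement the restriction proposed above, as an added example that is not part of the original message and not imap4d's own code: a gate a server could call before acting on DELETE. The function names, the per-user mail root directory, and the assumption that a valid maildrop is an mbox file (empty, or starting with a "From " separator line) are all hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* Resolve `name` under `root` (assumed per-user mail directory). Returns 1 and
   fills `out` (PATH_MAX bytes) only if the resolved path stays inside root. */
int resolve_in_root(const char *root, const char *name, char *out)
{
    char real_root[PATH_MAX], joined[2 * PATH_MAX];
    size_t rl;

    if (name[0] == '/' || strlen(name) >= PATH_MAX || !realpath(root, real_root))
        return 0;                    /* absolute names such as "/" are refused */
    snprintf(joined, sizeof joined, "%s/%s", real_root, name);
    if (!realpath(joined, out))      /* resolves ".." and symlinks; fails if missing */
        return 0;
    rl = strlen(real_root);
    return strncmp(out, real_root, rl) == 0 && (out[rl] == '/' || out[rl] == '\0');
}

/* Return 1 if `path` is a regular file that is empty or begins with the mbox
   "From " separator (the mbox format is an assumption of this example). */
int is_maildrop(const char *path)
{
    struct stat st;
    char buf[5] = {0};
    FILE *fp;
    size_t n = 0;

    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return 0;
    if (st.st_size == 0)
        return 1;
    if ((fp = fopen(path, "r")) != NULL) {
        n = fread(buf, 1, sizeof buf, fp);
        fclose(fp);
    }
    return n == sizeof buf && memcmp(buf, "From ", 5) == 0;
}

/* DELETE is permitted only for a maildrop located inside the user's mail root. */
int delete_allowed(const char *root, const char *name)
{
    char path[PATH_MAX];
    return resolve_in_root(root, name, path) && is_maildrop(path);
}

int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s MAILROOT NAME\n", argv[0]); return 2; }
    puts(delete_allowed(argv[1], argv[2]) ? "DELETE permitted" : "DELETE refused");
    return 0;
}
```

The same `resolve_in_root` check can be applied to the reference argument of LIST so that a reference of "/" is refused. A server would also need to make the check and the removal atomic with respect to each other, for example under the mailbox lock.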


