[rt-users] rt-mailgate and REST
Ruslan Zakirov
ruslan.zakirov at gmail.com
Fri Feb 2 09:23:26 EST 2007
wiki: MailGatewayAccessControl
On 2/2/07, Roy El-Hames <rfh at pipex.net> wrote:
> Hi there;
>
> rt-3.6.1 and apach2 mysql5 and exim4
>
> I have rebuilt my RT dev box copying stuff from the live system including the RT bits in exim.conf
> I forgot to change my
> data = "|/opt/rt3/bin/rt-mailgate --queue .... --url https://myrt.mycom.com/" so it was still pointing to my live system ..
> on submitting test messages/tickets these were created in the live system, which then occurred me that there is a potential flaw here, there is no authentication or restriction of any kind ..
> Generally the REST interface expects authentication from the client (supplied from rt.conf or .rtrc), how does the mailgate (which I guess /REST/1.0/NoAuth/mail-gateway) part of it authenticate ??
> Have anyone came across this? any solutions or suggestions ?
>
> Roy
>
>
> _______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>
> Community help: http://wiki.bestpractical.com
> Commercial support: sales at bestpractical.com
>
>
> Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
> Buy a copy at http://rtbook.bestpractical.com
>
--
Best regards, Ruslan.
More information about the rt-users
mailing list