[rt-devel] RT3: mail UTF-8 automatic conversion and GPG verification
Jesse Vincent
jesse at bestpractical.com
Thu Aug 14 18:29:38 EDT 2003
On Fri, Aug 15, 2003 at 12:23:25AM +0200, Guillaume Perral wrote:
> Maybe the signature verification could be done on the MDA side (rt-mailgate)
> which then pass information passed to RT via an additionnal parameter. This
> solution needs to make modifications in rt-mailgate,
> /REST/1.0/NoAuth/mail-gateway, RT::EmailParser and RT::Interface::Email...
I believe this would leave you vulernable to third-parties injecting
falsely valid messages between rt-mailgate and the REST API
> Another way is to keep a copy of the original MIME::Entity during the
> authentication process, but it can be painful with large attachements...
>
> Yet another solution is to make the UTF-8 conversion *after* authentication
> phase. I don't know if and how this could make things going bad, if it ever
> did.
It might result in butchered user-names in creation. But that could be
compensated for. I'd like autrijus input on this potential change. It
sounds the most reasonable
>
> Anyone ?
>
> Thanks,
> --
> _______________________________________________
> rt-devel mailing list
> rt-devel at lists.fsck.com
> http://lists.fsck.com/mailman/listinfo/rt-devel
>
--
http://www.bestpractical.com/rt -- Trouble Ticketing. Free.
More information about the Rt-devel
mailing list