[rt-users] CommandByMail: Fake Email Vulnerability?
Jesse Vincent
jesse at bestpractical.com
Wed Feb 3 09:54:23 EST 2010
On Wed, Feb 03, 2010 at 01:19:51AM +0100, Eesti Mate wrote:
> Hello CommandByMail users,
>
> how do you address the possibility that (in theory) everyone can change
> the status of tickets by faking the email address of a
> $CommandByMailGroup member? Does CommandByMail provide any kind of
> authentication options? Is there a best practice to prevent this sort of
> abuse?
In the past, we've used Email::Auth::GnuPg for CommandByMail for exactly
this reason.
> Kind regards
> Eesti
>
> _______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>
> Community help: http://wiki.bestpractical.com
> Commercial support: sales at bestpractical.com
>
> 2010 RT Training Sessions!
> San Francisco, CA, USA - Feb 22 & 23
> Dublin, Ireland - Mar 15 & 16
> Boston, MA, USA - April 5 & 6
> Washington DC, USA - Oct 25 & 26
>
> Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
> Buy a copy at http://rtbook.bestpractical.com
>
--
More information about the rt-users
mailing list