[rt-users] CommandByMail: Fake Email Vulnerability?

Jesse Vincent jesse at bestpractical.com
Wed Feb 3 09:54:23 EST 2010




On Wed, Feb 03, 2010 at 01:19:51AM +0100, Eesti Mate wrote:
> Hello CommandByMail users,
> 
> how do you address the possibility that (in theory) everyone can change
> the status of tickets by faking the email address of a
> $CommandByMailGroup member? Does CommandByMail provide any kind of
> authentication options? Is there a best practice to prevent this sort of
> abuse?

In the past, we've used Email::Auth::GnuPg for CommandByMail for exactly
this reason.

 
> Kind regards
> Eesti
> 
> _______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
> 
> Community help: http://wiki.bestpractical.com
> Commercial support: sales at bestpractical.com
> 
> 2010 RT Training Sessions!
> San Francisco, CA, USA - Feb 22 & 23
> Dublin, Ireland - Mar 15 & 16
> Boston, MA, USA - April 5 & 6
> Washington DC, USA - Oct 25 & 26
> 
> Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
> Buy a copy at http://rtbook.bestpractical.com
> 

-- 



More information about the rt-users mailing list