Author Topic: Roundcube Config - security concern  (Read 3898 times)

Offline nschul

  • Newbie
  • *
  • Posts: 1
Roundcube Config - security concern
« on: July 30, 2013, 04:06:03 PM »
Okay, my account and post were deleted. It'd be nice to know what I did to deserve that.

As stated before, I have an issue with a client that now seems to be resolved.

Issue: "Session expired or invalid."
Fix: $rcmail_config['ip_check'] = false;

I switched the ip_check to false from the default value it had, true.

What are the security concerns for doing this?

Thanks,
Neil

Offline SKaero

  • Administrator
  • Hero Member
  • *****
  • Posts: 5,879
    • SKaero - Custom Roundcube development
Re: Roundcube Config - security concern
« Reply #1 on: July 30, 2013, 05:22:49 PM »
I may have accidentally deleted your account while removing spam users, for which I give you my apologies. I didn't mean anything by it.

The ip_check setting is off by default since it can cause problems. It helps prevent session hijacking since you have to have the same IP address in order to use the session, but it's not a major problem to have it off; most RoundCube installs don't have it enabled.
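
To make the trade-off discussed in this thread concrete, here is an added example (not written by either poster and not Roundcube's own code) of a session check that binds a session to the address it was created from. The function name, session store, session id and addresses are constructed for illustration.

```php
<?php
// Added illustration; NOT Roundcube's session code. All names are hypothetical.

// Constructed session store: session id => data recorded at login.
$sessions = [
    'sess-constructed-1' => ['user' => 'neil', 'ip' => '198.51.100.23'],
];

/**
 * Validate a session cookie, optionally binding it to the login IP.
 * Returns the user name on success, or null ("Session expired or invalid.").
 */
function validate_session(array $sessions, string $sid, string $remote_ip, bool $ip_check): ?string
{
    if (!isset($sessions[$sid])) {
        return null;                 // unknown or expired session id
    }
    $sess = $sessions[$sid];
    if ($ip_check && $sess['ip'] !== $remote_ip) {
        return null;                 // valid cookie, but from a different address
    }
    return $sess['user'];
}

// Constructed requests: description, cookie value, source address.
$requests = [
    ['same client, same IP',           'sess-constructed-1', '198.51.100.23'],
    ['same client, IP changed by ISP', 'sess-constructed-1', '203.0.113.77'],
    ['cookie presented from elsewhere', 'sess-constructed-1', '192.0.2.50'],
];

foreach ([true, false] as $ip_check) {
    printf("ip_check = %s\n", $ip_check ? 'true' : 'false');
    foreach ($requests as [$what, $sid, $ip]) {
        $user = validate_session($sessions, $sid, $ip, $ip_check);
        printf("  %-32s %-15s -> %s\n", $what, $ip,
            $user === null ? 'Session expired or invalid.' : "accepted as $user");
    }
}
```

With the check on, the server cannot tell a legitimate client whose address changed (mobile networks, proxies, dynamic IPs) from a cookie presented by someone else, so both are rejected; with it off, both are accepted and protection rests on keeping the cookie confidential (HTTPS, Secure/HttpOnly cookie flags, short session lifetime).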