Roundcube Community Forum

 

Security Concern

Started by Nipon, July 14, 2007, 02:53:03 PM

Previous topic - Next topic

Nipon

Is RoundCube secure? The temp and log folders have to be chmodded to 777. these two folders were exploited by spammers on my site who inserted malicious files.

jak

It is a security issue, but not one with Roundcube specifically.
You do not need to chmod to 777, simply chown the directories to the user that your server runs under.
Typically for Apache this is "nobody" (an actual user called nobody)

Personally, I'd chmod 755, and chown nobody:nobody. You could make it more secure still.

Nipon

QuoteIt is a security issue, but not one with Roundcube specifically.
ya, agreed.

what was that u said - chown nobody:nobody i have no idea about this as i don't know apache. is this something i can manage?