Author Topic: xss, sql injection and such...  (Read 2741 times)

Offline ontnugtering

  • Jr. Member
  • **
  • Posts: 25
xss, sql injection and such...
« on: May 20, 2010, 01:52:04 AM »
Hi,

read some information on cross site scripting, sql injection and such in "Better PHP Programming". I'm not saying I'm an expert here, but basically I understood. I'm very interested in the security of my mail, but before I review the code: Is it strengthened against such typical attacks?

Thanks! :)

Michael

Offline SKaero

  • Administrator
  • Hero Member
  • *****
  • Posts: 5,876
    • SKaero - Custom Roundcube development
xss, sql injection and such...
« Reply #1 on: May 20, 2010, 02:01:31 AM »
RoundCube is strengthened against such attacks, in general there isn't much in RoundCube to hack because RoundCube just connects to a mail server. You wound have to hack into the mail server to get any emails.

Offline ontnugtering

  • Jr. Member
  • **
  • Posts: 25
xss, sql injection and such...
« Reply #2 on: May 20, 2010, 02:35:23 AM »
Quote from: skaero;27541
RoundCube is strengthened against such attacks
OK, Thank you!

Offline corbosman

  • Sr. Member
  • ****
  • Posts: 260
xss, sql injection and such...
« Reply #3 on: May 20, 2010, 04:12:12 AM »
The goal doesnt have to be to get your mail. It could also just be to gain unauthorized access to the server that roundcube is running on. Then once they have access, modify the code to report login/password combinations to a remote url. So they can use those to spam.