Roundcube Community Forum
News and Announcements => General Discussion => Topic started by: ontnugtering on May 20, 2010, 01:52:04 AM
-
Hi,
read some information on cross site scripting, sql injection and such in "Better PHP Programming". I'm not saying I'm an expert here, but basically I understood. I'm very interested in the security of my mail, but before I review the code: Is it strengthened against such typical attacks?
Thanks! :)
Michael
-
RoundCube is strengthened against such attacks, in general there isn't much in RoundCube to hack because RoundCube just connects to a mail server. You wound have to hack into the mail server to get any emails.
-
RoundCube is strengthened against such attacks
OK, Thank you!
-
The goal doesnt have to be to get your mail. It could also just be to gain unauthorized access to the server that roundcube is running on. Then once they have access, modify the code to report login/password combinations to a remote url. So they can use those to spam.