Roundcube Community Forum

 

Roundcube Config - security concern

Started by nschul, July 30, 2013, 04:06:03 PM

nschul

Okay, my account and post were deleted. It'd be nice to know what I did to deserve that.

As stated before, I have an issue with a client that now seems to be resolved.

Issue: "Session expired or invalid."
Fix: $rcmail_config['ip_check'] = false;

I switched the ip_check to false from the default value it had, true.

What are the security concerns for doing this?

Thanks,
Neil

SKaero

I may have accidentally deleted your account while removing spam users, for which I give you my apologies. I didn't mean anything by it.

The ip_check setting is off by default since it can cause problems. It helps prevent session hijacking since you have to have the same IP address in order to use the session, but it's not a major problem to have it off; most RoundCube installs don't have it enabled.
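
The trade-off discussed in this thread, as an added example (not Roundcube's code and not written by either poster): a minimal session store that optionally binds each session to the client address it was issued to. The class and method names, the user name and the sample addresses are assumptions made for illustration.

```php
<?php
// Added illustration of IP-bound sessions; names here are hypothetical, not Roundcube's.
final class IpBoundSessions
{
    /** @var array<string, array{user: string, ip: string}> */
    private array $sessions = [];
    private bool $ipCheck;

    public function __construct(bool $ipCheck)
    {
        $this->ipCheck = $ipCheck;
    }

    // Create a session and remember the address it was issued to.
    public function login(string $user, string $clientIp): string
    {
        $id = bin2hex(random_bytes(16));
        $this->sessions[$id] = ['user' => $user, 'ip' => $clientIp];
        return $id;
    }

    // Return the user for a valid request, or null (shown as "Session expired or invalid.").
    public function authenticate(string $id, string $clientIp): ?string
    {
        $s = $this->sessions[$id] ?? null;
        if ($s === null) {
            return null;
        }
        // With the check on, the session id alone is not enough: the address must match too.
        if ($this->ipCheck && $s['ip'] !== $clientIp) {
            return null;
        }
        return $s['user'];
    }
}

// Constructed sample addresses from the RFC 5737 documentation ranges.
$cases = [
    'same client, same address'         => ['192.0.2.10', '192.0.2.10'],
    'same client, address changed'      => ['192.0.2.10', '198.51.100.7'],
    'session id replayed from elsewhere' => ['192.0.2.10', '203.0.113.99'],
];

foreach ([true, false] as $ipCheck) {
    echo 'ip_check = ' . var_export($ipCheck, true) . PHP_EOL;
    foreach ($cases as $label => [$loginIp, $requestIp]) {
        $store = new IpBoundSessions($ipCheck);
        $sid = $store->login('alice', $loginIp);
        $result = $store->authenticate($sid, $requestIp) ?? 'Session expired or invalid.';
        printf("  %-36s -> %s\n", $label, $result);
    }
}
```

With the check on, the second and third cases look identical to the server, so a legitimate user whose address changes is rejected exactly like a replayed session id. With it off, both are accepted, and protecting the session id itself (for example HTTPS-only cookies) carries the whole defence.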