xss, sql injection and such...

ontnugtering · May 20, 2010, 01:52:04 AM

Hi,

read some information on cross site scripting, sql injection and such in "Better PHP Programming". I'm not saying I'm an expert here, but basically I understood. I'm very interested in the security of my mail, but before I review the code: Is it strengthened against such typical attacks?

Thanks!

Michael

SKaero · May 20, 2010, 02:01:31 AM

RoundCube is strengthened against such attacks, in general there isn't much in RoundCube to hack because RoundCube just connects to a mail server. You wound have to hack into the mail server to get any emails.

ontnugtering · May 20, 2010, 02:35:23 AM

Quote from: skaero;27541RoundCube is strengthened against such attacks

OK, Thank you!

corbosman · May 20, 2010, 04:12:12 AM

The goal doesnt have to be to get your mail. It could also just be to gain unauthorized access to the server that roundcube is running on. Then once they have access, modify the code to report login/password combinations to a remote url. So they can use those to spam.

xss, sql injection and such...

ontnugtering

SKaero

ontnugtering

corbosman