html output code. If third party code displays errors from address
book object in html, errors must be sanitized and ASCII line feeds
should be converted to html line breaks.
+ - Add note to conf.pl / config_default.php to warn users that set
+ sensitive passwords in that file to properly secure it.
Version 1.5.1 (branched on 2006-02-12)
--------------------------------------
sub command61 {
print "You can now define different LDAP servers.\n";
+ print "Please ensure proper permissions for config.php when including\n";
+ print "sensitive passwords.\n\n";
print "[ldap] command (?=help) > ";
$input = <STDIN>;
$input =~ s/[\r\n]//g;
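Review bot: The warning added in command61 asks the admin to "ensure proper permissions" without saying what proper means, and the same two print lines are repeated verbatim in the three DSN prompts further down (the hunks ending at `$addrbook_dsn`, `$prefs_dsn` and `$addrbook_global_dsn`). I would name the target state directly, for example `print "config.php must not be world-readable; limit it to its owner and the web server account.\n\n";`, and print it from one small helper sub called at all four places so the wording cannot drift. Since conf.pl writes config.php itself, the save step could also check the file mode and warn when it is world-readable, but that routine is not visible in this diff. command61's body continues outside the hunk.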
print "you need to set this DSN to a valid value. The format for this is:\n";
print "mysql://user:pass\@hostname/dbname\n";
print "Where mysql can be one of the databases PHP supports, the most common\n";
- print "of these are mysql, msql and pgsql\n";
+ print "of these are mysql, msql and pgsql.\n";
+ print "Please ensure proper permissions for config.php when including\n";
+ print "sensitive passwords.\n\n";
print "If the DSN is left empty (hit space and then return) the database\n";
- print "related code for address books will not be used\n";
+ print "related code for address books will not be used.\n";
print "\n";
if ( $addrbook_dsn eq "" ) {
print "you need to set this DSN to a valid value. The format for this is:\n";
print "mysql://user:pass\@hostname/dbname\n";
print "Where mysql can be one of the databases PHP supports, the most common\n";
- print "of these are mysql, msql and pgsql\n";
+ print "of these are mysql, msql and pgsql.\n";
+ print "Please ensure proper permissions for config.php when including\n";
+ print "sensitive passwords.\n\n";
print "If the DSN is left empty (hit space and then return) the database\n";
- print "related code for address books will not be used\n";
+ print "related code for address books will not be used.\n";
print "\n";
if ( $prefs_dsn eq "" ) {
print "you need to set this DSN to a valid value. The format for this is:\n";
print "mysql://user:pass\@hostname/dbname\n";
print "Where mysql can be one of the databases PHP supports, the most common\n";
- print "of these are mysql, msql and pgsql\n";
+ print "of these are mysql, msql and pgsql.\n";
+ print "Please ensure proper permissions for config.php when including\n";
+ print "sensitive passwords.\n\n";
print "If the DSN is left empty (hit space and then return) the database\n";
- print "related code for global SQL address book will not be used\n";
+ print "related code for global SQL address book will not be used.\n";
print "\n";
if ( $addrbook_global_dsn eq "" ) {
* conf.pl if at all possible. That is the easiest and cleanest way
* to configure.
*
+ * Note on SECURITY: some options require putting a password in this file.
+ * Please make sure that you adapt its permissions appropriately to avoid
+ * passwords being leaked to e.g. other system users. Take extra care when
+ * the webserver is shared with untrusted users.
+ *
* @copyright © 2000-2006 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
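Review bot: The security note added to the file header asks for permissions to be adapted "appropriately" but never states the target, and it names the shared-webserver case without giving an action for it; file modes may not help there if every tenant's PHP runs under the same account. I would add two comment lines, `* Keep config.php non-world-readable (owner plus web server group only).` and `* Use dedicated LDAP/database accounts that have only the rights SquirrelMail needs.`, so that a leaked password has limited reach. The docblock begins above the hunk, so the exact placement relative to the existing text is for the author to confirm.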
* 'name' => 'Netcenter Member Directory',
* 'base' => 'ou=member_directory,o=netcenter.com'
* );
+ *
+ * NOTE: please see security note at the top of this file when
+ * entering a password.
*/
// Add your ldap server options here
* The DSN is in the format: mysql://user:pass@hostname/dbname
* The table is the name of the table to use within the
* specified database.
+ *
+ * NOTE: please see security note at the top of this file when
+ * entering a password.
*/
$addrbook_dsn = '';
$addrbook_table = 'address';
* sent and regular output to begin, which will majorly screw
* things up when we try to send more headers later.
*/
-?>
\ No newline at end of file
+?>