Dave Ewart escreveu: >> Maybe you should think about using better software (squirrelmail and >> bind are not secure enough for public servers, anyway :-)) > > Can you provide some evidence to back up that remark?
Sure. Squirrelmail is written in PHP, a fast-development language not designed with security in mind: http://www.sklar.com/page/article/owasp-top-ten Squirrelmail vulnerabilities: http://secunia.com/product/288/ BIND flaws: http://www.lurhq.com/dnscache.pdf http://www.isotf.org/news/DNS-Amplification-Attacks.pdf http://cr.yp.to/djbdns/blurb/security.html http://cr.yp.to/djbdns/guarantee.html []s, -- André Carezia Eng. de Telecomunicações Carezia Consultoria - www.carezia.srv.br -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
