release-msg.cgi security
Posted: 01 Jul 2014 16:34
Hi all,
I've been using E.F.A. for some time now and I still have some working ESVA setups running at a few sites.
If I recall correctly, a major security breach in the cgi that allowed to release messages marked as spam (I'm talking about ESVA) forced us to close all http/https connections from the exterior and allow them only from within the network (or via vpn). From a security point-of-view it's nice, but it's a huge pain in the @ss to the user side.
I was wondering if those issues have been solved in EFA or if allowing https from the outside is still a huge concern (I say huge because it's always a concern).
thanks in advance.
Tiago Marques
I've been using E.F.A. for some time now and I still have some working ESVA setups running at a few sites.
If I recall correctly, a major security breach in the cgi that allowed to release messages marked as spam (I'm talking about ESVA) forced us to close all http/https connections from the exterior and allow them only from within the network (or via vpn). From a security point-of-view it's nice, but it's a huge pain in the @ss to the user side.
I was wondering if those issues have been solved in EFA or if allowing https from the outside is still a huge concern (I say huge because it's always a concern).
thanks in advance.
Tiago Marques