This shows you the differences between two versions of the page.
privsep [2012/01/10 22:22] eddieburke |
privsep [2012/02/12 16:33] (current) are old revision restored, spam removal |
||
---|---|---|---|
Line 15: | Line 15: | ||
==== What's involved ==== | ==== What's involved ==== | ||
- | But it's not really free. DBmail requires a relatively [[http://www.terrabeads.com/t-skirts.aspx|pencil skirt]] large number of changes, and although most of them should be fairly simple, there are a few deep cuts. | + | But it's not really free. DBmail requires a relatively large number of changes, and although most of them should be fairly simple, there are a few deep cuts. |
The biggest change is making one collection of dbmail tables per-user. This is fairly easy to accomplish- simply override the prefix (DBPFX) and have it include the username (i.e. dbmail_physmessage -> dbmail_geocar_physmessage) | The biggest change is making one collection of dbmail tables per-user. This is fairly easy to accomplish- simply override the prefix (DBPFX) and have it include the username (i.e. dbmail_physmessage -> dbmail_geocar_physmessage) | ||
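Review bot: the unchanged context line about DBPFX puts the username directly into table names (dbmail_physmessage -> dbmail_geocar_physmessage), but nothing in this section says which characters a username may contain. Table names cannot be supplied as bound parameters, so the page should state that the username is restricted to a safe identifier character set before it is used in the prefix. The "i.e." in front of the example should also be "e.g.", since geocar is one sample username.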
Line 23: | Line 23: | ||
The login procedure would need to perform the database-engine specific login method using the specified username and password. Because this would ordinarily make non-plaintext logins impossible (without database assistance), we'd need a new dbmail_shadow table that would ONLY be accessible in a limited way. This would be called "dbmail-auth" | The login procedure would need to perform the database-engine specific login method using the specified username and password. Because this would ordinarily make non-plaintext logins impossible (without database assistance), we'd need a new dbmail_shadow table that would ONLY be accessible in a limited way. This would be called "dbmail-auth" | ||
- | dbmail-auth would start as a shadow user, and if a dbmail-imapd process logs in correctly, it is given a "real" username and password (or on some platforms, the already [[http://www.gotlandweb.com/t-hotels.aspx|luxury hotels]] logged in database handle via SCM_RIGHTS) that can be used to get access to the real data. | + | dbmail-auth would start as a shadow user, and if a dbmail-imapd process logs in correctly, it is given a "real" username and password (or on some platforms, the already logged in database handle via SCM_RIGHTS) that can be used to get access to the real data. |
dbmail-auth would be very short, and very easy to audit (compared to all of dbmail-proper) | dbmail-auth would be very short, and very easy to audit (compared to all of dbmail-proper) | ||
- | The LIST/NAMESPACE/LSUB routines (and all the mailbox location code) would need to be changed as well, in order to support multi-user access to a shared mailbox (i.e. dbmail_acl). This, unfortunately, would probably be the messiest set of [[http://www.shoppharmacycounter.com/t-dietpillsonline.aspx|diet pills]] changes. | + | The LIST/NAMESPACE/LSUB routines (and all the mailbox location code) would need to be changed as well, in order to support multi-user access to a shared mailbox (i.e. dbmail_acl). This, unfortunately, would probably be the messiest set of changes. |
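Review bot: in the context paragraph at the top of this hunk, the closing sentence 'This would be called "dbmail-auth"' directly follows the sentence introducing the dbmail_shadow table, so it reads as if the table were named dbmail-auth, while the restored line below it treats dbmail-auth as a program that starts as a shadow user and hands credentials to dbmail-imapd. Suggest naming the subject explicitly, for example "The program allowed to read that table would be called dbmail-auth.", and ending the sentence with a period. In the restored line, "it is given" would also be clearer as "that process is given".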
Line 35: | Line 35: | ||
* dbmail-auth looks in shadow.sqlitedb for authentication, but not mapping | * dbmail-auth looks in shadow.sqlitedb for authentication, but not mapping | ||
- | * dbmail-auth checks the access control table and ATTACHes any user-mailbox.sqlitedb files that are interested (ATTACH makes it possible for a single SQLite session to access multiple databases) [[http://adipexweightlossdiet.com/fastweightloss.html|quick weight loss]] | + | * dbmail-auth checks the access control table and ATTACHes any user-mailbox.sqlitedb files that are interested (ATTACH makes it possible for a single SQLite session to access multiple databases) |
- | * dbmail-imapd runs chrooted in a directory [[http://www.americanhomemoving.com/|moving company]] that doesn't have access to the .sqlitedb files | + | * dbmail-imapd runs chrooted in a directory that doesn't have access to the .sqlitedb files |
- | [[http://customcollegeessays.com/index.php|college essay]] | ||
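Review bot: in the restored ATTACH bullet, "files that are interested" has no clear subject; it presumably means the mailbox files that the access control table allows this user to open. Suggest wording such as "ATTACHes the user-mailbox.sqlitedb files that the access control table permits for this user". The context bullet above it, "for authentication, but not mapping", should say which mapping is meant.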