IMAP is displaying all my website contents!


Posted by: fabrizio Jul 1 2007, 06:20 AM
Hello,
I have just configured my new iPhone e-mail client to read my mail by using IMAP and it works fine. The only problem is that when I display my mailboxes I can see all the contents of my website (files, directories, etc)! I don't understand how that can happen, I think it's a big security flaw too! Any idea to avoid this on server side?

Thank you in advance.

Best,
Fabrizio

Posted by: andy Jul 1 2007, 12:10 PM
I really don't know anything about the iPhone or what information you have to give it for it to download email, but my suspicion is that you're displaying publicly available content, so it isn't as big of an issue as you might think.

My first reaction is that you're just viewing directories using an FTP browser built into the phone. I've never heard of IMAP showing anything other than email.

If indeed you're viewing directories via FTP, then you have logged in as a user and will be able to view any files or directories owned by that user or in that user's group.

Also, FTP users that are not change-rooted (chrooted: locked into just browsing their own FTP directories), can browse and view any files allowed by the Unix permissions. This isn't a security flaw. Just simply make sure your Unix file and directory permissions are set to what they should be and each user will only be able to do what is allowed by those permissions. If you aren't comfortable with someone seeing file lists in directories they don't own, then chroot that user's FTP account.

Is there a way that you can take a picture of what you're seeing on your iPhone and post that file or email it to support for us to see? You'd have to take the picture using a separate device, of course, unless the iPhone supports taking screenshots of what is on its screen. We're interested in helping you get to the bottom of this, but it isn't a problem we've ever seen before, nor do we have an iPhone to be able to duplicate the problem.

Posted by: fabrizio Sep 1 2007, 06:31 AM
Thank you Andy for your reply and sorry for my delay.

Well, actually that's an IMAP issue, not FTP. I have the same problem with the Mail program on Mac OS X. If you wish I can send you a screenshot of what the program is showing: all the content of my directory (!!!). I know, sounds very strange but that's it!

Thank you again.

Fabrizio

Posted by: andy Sep 1 2007, 10:53 PM
Please email support@advantagecom.net with the screenshot of the OS X mail program showing the problem.

They'll help you track down the problem. I'll be working on some other deadlines and will be unable to assist at this time.

Posted by: fabrizio Sep 5 2007, 07:08 AM
Thank you Andy, I will do that.

Best,
Fabrizio
