

Security


Can I obscure email addresses?

See the SPAMMODE resource.


How can I prevent web access to .mhonarc.db files?

MHonArc database files may contain information that you do not want web users to access directly. The best example is an archive customized to obscure email addresses: the MHonArc database file still contains the original, unobscured addresses.

Practically all web servers provide the ability to deny access to files. Refer to your web server's documentation for the specifics. If you are using the Apache HTTP server, the following configuration directive can be used:

<Files .mhonarc.db>
    Order allow,deny
    Deny from all
</Files>

If you have mod_rewrite enabled, you could use the following instead:

RewriteRule ^(.*)/\.mhonarc\.db $1 [R=permanent]

This will redirect browsers to the parent directory, which is the actual archive associated with the database file.


Why are HTML messages a security risk?

HTML can contain dynamic content, like JavaScript. If an HTML message is blindly archived, you are introducing foreign dynamic content to your web site that you have no control over. The best example of this danger is the problem web-based email sites (e.g. Hotmail) encountered: malicious people sent HTML messages to web-based email users, and the messages contained dynamic content that would pop up windows (styled similarly to the web-based email hosting provider's pages) requesting sensitive information from users (like passwords).

The following is a brief list of some of the security issues related to HTML messages:

  • Can contain foreign dynamic content.
  • Can autoload URLs (via IMG and similar elements), which can be used to collect statistics on unsuspecting readers.
  • Can contain hidden content (like server-side include comments) which may be processed by web servers to execute arbitrary programs or extract arbitrary system files.

MHonArc's HTML filter (documented under the MIMEFILTERS resource) can strip out HTML data to minimize security exploits. Check the documentation for full details. The general recommendation for the security conscious is to exclude any HTML message data, especially for publicly accessible archives.


Why doesn't MHonArc, by default, use the specified filename when saving attachments?

A malicious person could send a message with an attachment filename that could overwrite existing content or be interpreted by the web server in some special manner to execute actions. Example: Apache supports .htaccess files, which allow configuration settings within a directory. If you have this feature enabled, a message contains an attachment with the specified filename .htaccess, and MHonArc blindly used the attachment filename, the attachment would override any existing .htaccess file you created with a version defined by the sender of the message.

Another possibility is that web servers sometimes interpret filenames with certain extensions as executable content, like .shtml, .cgi, .phtml. If MHonArc used the attachment filename, or even just the attachment filename extension, anyone who can send mail that will be archived on your site can introduce executable content.

For these reasons, the documentation of m2h_external::filter in the MIMEFILTERS resource advises caution when using the filter options that enable the use of attachment filenames or filename extensions.
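
The naming policy described above, sketched in Python as an added example (it is not MHonArc's own code, which is written in Perl). The function names, the content-type table and the att00001-style naming scheme are assumptions made for illustration; the rejected extensions are the ones this page lists.

```python
import re

# Constructed allowlist: the extension comes from the declared content type,
# never from the sender's filename.
TYPE_TO_EXT = {"text/plain": "txt", "application/pdf": "pdf",
               "image/png": "png", "image/jpeg": "jpg"}
# Extensions the page names as interpreted by web servers as executable.
EXEC_EXTS = {"shtml", "cgi", "phtml"}
UNSAFE_CHARS = re.compile(r"[^A-Za-z0-9._-]")


def generated_name(seq, content_type):
    """Default policy: ignore the sender's filename entirely."""
    ext = TYPE_TO_EXT.get(content_type.lower().strip(), "bin")
    return f"att{seq:05d}.{ext}"


def vetted_sender_name(filename):
    """Opt-in policy: return a cleaned sender filename, or None to reject."""
    # Drop any directory part, whichever separator the sender used.
    base = re.split(r"[\\/]", filename)[-1]
    base = UNSAFE_CHARS.sub("_", base)
    # Dotfiles such as .htaccess are server configuration, not content.
    if not base or base.startswith("."):
        return None
    # Check every dot-separated part, not only the last: Apache's mod_mime
    # can act on any extension in a name like report.cgi.txt.
    if any(part.lower() in EXEC_EXTS for part in base.split(".")[1:]):
        return None
    return base


def attachment_name(seq, content_type, sender_filename=None,
                    use_sender_name=False):
    """Pick the on-disk name for one attachment (seq assumed unique)."""
    if use_sender_name and sender_filename:
        cleaned = vetted_sender_name(sender_filename)
        if cleaned is not None:
            # The sequence prefix keeps an attachment from overwriting
            # a file that already exists in the archive directory.
            return f"{seq:05d}-{cleaned}"
    return generated_name(seq, content_type)
```

A rejected sender filename falls back to the generated name rather than dropping the attachment, so the archive stays complete while the sender never controls the on-disk name or extension.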




$Date: 2002/04/02 06:57:57 $
MHonArc
Copyright © 2002, Earl Hood, mhonarc@mhonarc.org