How IMP Works


Now that you have been given an overview of IMP, I will give you some details on how IMP works. This information is useful if you have problems later on. A good understanding of the fundamentals is invaluable when you have problems!

IMP presents a logon Web page to the customer. The user enters a logon name and password. This is the same logon name given to the user when the adduser command is executed in Linux. The password is the same password that is given to the user with the passwd command. This provides you with a good level of security and makes it harder to have your site hijacked.

EXCURSION: Password Security

If you installed Red Hat Linux, you were given the option of using shadow passwords. This feature creates a file named shadow in the /etc directory, alongside the always-present passwd file.

The passwd file is world readable. If your passwd file contains your passwords, it can be read by anyone who is logged in to a shell account. If you put a PHP script on your system that has a security flaw, the script could possibly be tricked into reading the passwd file. This security hole existed in IMP 2.0.10, and is fixed in version 2.0.11.

After a person has read your passwd file, he can then run a crack program against the file and recover some passwords. This is a security risk.

Only the root user can read the shadow file. This means a user cannot log on to the system and read the shadow file under most circumstances. This prevents most users from cracking your password list.

Another option you were given for passwords was MD5 encryption. In previous installations of Linux, you were given the standard Linux encryption of passwords. This encryption was very weak and easily broken. Using MD5 encryption makes it much harder to break passwords and is far superior.

If you are running Linux and don't have shadow passwords, you need to enable shadow passwords. If the file /etc/shadow exists, you have shadow passwords enabled. If it does not, run either pwconv or pwconv5 from a command prompt.

If the program complains that it cannot convert the passwords, you are partially converted. Any new users will have their passwords entered into the /etc/shadow file. Old users still have their passwords in the /etc/passwd file. At this point, you can use removeuser to remove a user, and adduser to add the user back to the system. The user password then shows up in the shadow file.

If you are very skilled, you can move the passwords using a text editor. This is dangerous! However, it is the only way I have found to move the root password over to the shadow file when pwconv fails. However, I have also prevented the root user from logging back in after I have done this because of mistakes.

  1. Log on as root.

  2. Make backup copies of /etc/shadow and /etc/passwd.

  3. Open the /etc/passwd file, cut the text between the first and second colons in the /etc/passwd file, and move them to the same location in the /etc/shadow file.

  4. Save both files. Don't log out.

  5. Switch to another console and attempt to log on as the root user.

  6. If it allows you to log on, you were successful. If not, copy the backup files over the original files, and call in an expert.
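A read-only check for the states described in this excursion (no shadow file, partially converted, fully converted), useful before and after running pwconv or making the manual edit. This is an added example, not code from the book; the function names audit_passwd and shadow_state and the sample accounts and hashes are constructed for illustration.

```shell
#!/bin/sh
# Classify the password field (field 2) of each passwd-format line.
# Read-only, and it never prints the hash itself, only its state.
audit_passwd() {   # $1 = passwd-format file
    awk -F: '
        /^#/ || NF < 7 { next }   # skip comments and malformed lines
        {
            pw = $2
            if (pw == "x") state = "shadowed"
            else if (pw == "") state = "EMPTY-PASSWORD"
            else if (pw ~ /^[*!]/) state = "locked"
            else if (substr(pw, 1, 3) == "$1$") state = "UNSHADOWED md5"
            else if (length(pw) == 13 && pw ~ "^[./0-9A-Za-z]+$") state = "UNSHADOWED des"
            else state = "UNSHADOWED unknown"
            print $1 ": " state
        }' "$1"
}

# none    = no shadow file exists
# partial = shadow file exists but some hashes are still in passwd
# full    = no hashes remain in passwd
shadow_state() {   # $1 = passwd file, $2 = shadow file
    [ -f "$2" ] || { echo none; return; }
    if audit_passwd "$1" | grep -q UNSHADOWED; then
        echo partial
    else
        echo full
    fi
}

# Constructed sample data (not real accounts, not real hashes).
sample=$(mktemp)
shadow=$(mktemp)
trap 'rm -f "$sample" "$shadow"' EXIT
cat > "$sample" <<'EOF'
root:ab0123456789A:0:0:root:/root:/bin/bash
alice:x:500:500::/home/alice:/bin/bash
bob:$1$saltsalt$0123456789abcdefghijkl:501:501::/home/bob:/bin/bash
daemon:*:2:2:daemon:/sbin:/sbin/nologin
guest::502:502::/home/guest:/bin/bash
EOF

audit_passwd "$sample"
shadow_state "$sample" "$shadow"
```

On a live system, run audit_passwd /etc/passwd and shadow_state /etc/passwd /etc/shadow; any UNSHADOWED or EMPTY-PASSWORD line is an account to fix.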

The IMAP server is called with these parameters, and the mail in the user's inbox folder is scanned. All the from and subject lines are displayed. The user clicks the subject lines to read the mail. The current status of each message is shown on a line to the right. Various hyperlinks allow the user to delete mail, move mail between folders, and reply to, forward, bounce, or save mail. Addresses can be added to the user's address book.

To send a message, the user clicks the Compose hyperlink. A screen appears, and the message is entered. Attachments are added on this screen. A click on the Send Message button sends the message on its way, using the IMAP server.

What IMP Does for You

The IMP system ties your Web server into your email system. Users are able to read and send email using any host that supports the IMAP protocol and allows IMP to connect.

With IMP, you can send and receive attachments from anywhere. If you have Microsoft Office installed along with Internet Explorer on Windows platforms, you can view Microsoft Word documents within the Web browser under Windows 95, 98, and NT. You are also able to save contact addresses in a personal address book.

IMP provides a good level of security through a logon and password requirement. You can restrict who is able to use IMP through the security features in your Web server. In the case of Apache, you can limit the viewing of the IMP pages to arbitrary IP address ranges.

Getting Online Help for IMP

The main Web site for IMP is http://www.horde.org. At that site you will find all the latest software, along with a Frequently Asked Questions (FAQ) list. A mailing list is available. To subscribe, send an email to imp-request@lists.horde.org, with the word subscribe in the subject of the message (not the body). More information about the available mailing lists is at http://www.horde.org/mail/.

MySQL & PHP From Scratch
ISBN: 0789724405
EAN: 2147483647
Year: 1999
Pages: 93
Authors: Wade Maxfield
