Opened 7 years ago
Closed 5 months ago
#1483936 closed Feature Requests (wontfix)
Database message cache should be encrypted
| Reported by: | makinde | Owned by: | |
|---|---|---|---|
| Priority: | 5 | Milestone: | later |
| Component: | Security | Version: | 0.1-beta2 |
| Severity: | normal | Keywords: | ecryption database security |
| Cc: |
Description
For this to be deployed in many environments the message information stored in the database needs to be encrypted. Having it exposed to any user who can see the tables is a security risk at my university.
Change History (3)
comment:1 Changed 7 years ago by Zelest
comment:2 Changed 7 years ago by thomasb
- Milestone changed from 0.1rc1 to later
- Version changed from 0.1-rc1 to 0.1-beta2
comment:3 Changed 5 months ago by alec
- Resolution set to wontfix
- Status changed from new to closed
Note: See
TracTickets for help on using
tickets.
Having others accessing the tables is a security risk in my opinion and I don't think this is a job for Roundcube to solve as it's the system administrators job to create a separate user/database for Roundcube and only letting Roundcube have access to it. Saying that it's a security risk because others have access to the database is like saying that postfix (or any other MTA) has a security risk because they don't encrypt the maildirs and someone else have access to the maildir.