Ticket #1483936 (new Feature Requests)

Opened 2 years ago

Last modified 15 months ago

Database message cache should be encrypted

Reported by: makinde Owned by:
Priority: 5 Milestone: later
Component: Security issue Version: 0.1-beta2
Severity: normal Keywords: ecryption database security
Cc:

Description

For this to be deployed in many environments the message information stored in the database needs to be encrypted. Having it exposed to any user who can see the tables is a security risk at my university.

Change History

Changed 2 years ago by Zelest

Having others accessing the tables is a security risk in my opinion and I don't think this is a job for Roundcube to solve as it's the system administrators job to create a separate user/database for Roundcube and only letting Roundcube have access to it. Saying that it's a security risk because others have access to the database is like saying that postfix (or any other MTA) has a security risk because they don't encrypt the maildirs and someone else have access to the maildir.

Changed 2 years ago by thomasb

  • version changed from 0.1-rc1 to 0.1-beta2
  • milestone changed from 0.1rc1 to later
Note: See TracTickets for help on using tickets.