What security issues might there be when running POPFile?

Home users are believed to be reasonably secure with the current design of POPFile, however there are a few situations that users should be aware of. Currently POPFile stores the last 2 days of message history in an unencrypted form. It is possible that someone could read the contents of a user's mail if they can gain access to the files that are contained within the POPFile directory. Home users have little to worry about this situation because if a user can gain access to the POPFile directory, chances are they could also gain access to the user's email client folder (in other words, their system is no more insecure in this situation with POPFile installed). It is also possible to allow external connections to be made to POPFile, but they are disabled by default. Other security concerns will increase if and when POPFile gains the abilities to be used as a shared, multi-user system on a server and will be addressed at that time.

faq/securityissues.txt · Last modified: 2008/02/08 19:49 (external edit)

Should you find anything in the documentation that is incomplete, unclear, outdated or just plain wrong, please let us know and leave a note in the Documentation Forum.

Recent changes RSS feed Donate Driven by DokuWiki
The content of this wiki is protected by the GNU Fee Documentation License