[Kolab-devel] Clarification regarding Windows and Kolab Legacy Mode
Martin Konold
martin.konold at erfrakon.de
Mon May 24 07:23:32 CEST 2004
On Saturday 22 May 2004 04:13 am, Ian Reinhart Geiser wrote:
Hi Ian,
> > >>XP and Outlook 2000. If this make any difference, I also have MS Web
> > > With MS XP you may simply map a web resource to a drive letter and use
> > I can't map the web resource to a drive letter, because the .vfb is
> > dynamically generated. I guess your solution would be an acceptable
> > work-around if it was not the case.
You shall not map the .vfb to the drive letter but the directory containing
the fb's. This directory is static.
> > I found another workaround to make the F/B accessible via plain HTTP for
> > my setup, but I am still wondering why Outlook can't retrieve it via
> > HTTPS.
This is due to the usage of the Publishing wizard.
> This is a brain damage in outlook2k. You actually have to set up FTP with
> free read/write for everyone on the same account to even have FBL. I have
> a patch that allows you to actually use the accounts and passwords to read
> the FBL files with FTP. Somehow the KOLAB developers seem to think everyone
> using the same account is more secure than people using their own accounts,
> but I digress. There are a few tired threads on the issue.
Short summary: Yes, in the case of not using Win XP but older Windows Versions
with OL 2k we use a shared ftp account for the fb lists in order not to
transfer the _valuable_ password in cleartext over the wire.
Scenario 1: Use a shared secret to access ftp account
Worst case: Users are able to manipulate the fb lists of others (reading is
allowed to anyone as part of the design....)
Scenario 2: Use the users credentials to access ftp account
Worst case: Users can _easily_ sniff(*) the real credentials of all other
users and act on their behalf including manipulating any data and changing
the password.... Of course this also includes the possibility of a malicious
user to manipulate the fb lists.
My conclusion: In a setup like yours (Win2k+OL2k) using the real credentials
to access the ftp area is a bad idea because it has the same weaknesses but
even more security threats.
>
> One other option that we have been using here is to share the directory on
> a samba share, but I'm not sure how feasible that is for your instance.
> Good luck though, you will need it =)
>
> Cheers
> -ian reinhart geiser
(*) There are freely available and easy to use programs which automatically
collect the credentials in a network. No... ethernet switches are no
protection!
Yours,
-- martin
Dipl.-Phys. Martin Konold
e r f r a k o n
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
Nobelstrasse 15, 70569 Stuttgart, Germany
fon: 0711 67400963, fax: 0711 67400959
email: martin.konold at erfrakon.de