[Kolab-devel] Quota/usage of other user mailbox

Aleksander Machniak machniak at kolabsys.com
Thu Jul 2 10:19:09 CEST 2015


If other user shares some folders with me I can see his quota/usage via
IMAP (Roundcube shows this).
I'm curious if this should be considered a security issue. I didn't
check if the info is available when any folder is writeable or only
readable, but I suppose cyrus does not differentiate that (or does it?)

RFC2087 says: "The resource usage of other users is likely to be
considered confidential information and should not be divulged to
unauthorized persons".

I'm not sure giving access to a folder is such an authorization.

-- 
Aleksander Machniak
Software Developer, Kolab Systems AG
-------------------------------------------------------
PGP:19359DC1  -  http://kolabsys.com  -  http://alec.pl


More information about the devel mailing list