[Kolab-devel] Quota/usage of other user mailbox
Aleksander Machniak
machniak at kolabsys.com
Thu Jul 2 10:19:09 CEST 2015
If other user shares some folders with me I can see his quota/usage via
IMAP (Roundcube shows this).
I'm curious if this should be considered a security issue. I didn't
check if the info is available when any folder is writeable or only
readable, but I suppose cyrus does not differentiate that (or does it?)
RFC2087 says: "The resource usage of other users is likely to be
considered confidential information and should not be divulged to
unauthorized persons".
I'm not sure giving access to a folder is such an authorization.
--
Aleksander Machniak
Software Developer, Kolab Systems AG
-------------------------------------------------------
PGP:19359DC1 - http://kolabsys.com - http://alec.pl
More information about the devel
mailing list