Commit | Line | Data |
---|---|---|
86530b38 AT |
1 | <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML//EN"> |
2 | <HTML> | |
3 | <HEAD> | |
4 | <TITLE>MHonArc FAQ: Security</TITLE></HEAD> | |
5 | <BODY> | |
6 | ||
7 | <!--X-NavButtons-Start--> | |
8 | <p align=center> | |
9 | [<a href="mime.html">Prev</a>][Next][<a href="faq.html">TOC</a>][<a href="http://www.mhonarc.org/">Home</a>] | |
10 | </p> | |
11 | <!--X-NavButtons-End--> | |
12 | ||
13 | <!-- ===================================================================== --> | |
14 | <HR> | |
15 | <H2><a name="security">Security</a></H2> | |
16 | ||
17 | <!--X-TOC-Start--> | |
18 | <ul> | |
19 | <li><a href="#spam">Can I obscure email addresses?</a></li> | |
20 | <li><a href="#spam">How can I prevent web access to <tt>.mhonarc.db</tt> files?</a></li> | |
21 | <li><a href="#htmldata">Why are HTML messages a security risk?</a></li> | |
22 | <li><a href="#attachments">Why doesn't MHonArc, by default, use the specified filename when saving attachments?</a></li> | |
23 | </ul> | |
24 | <!--X-TOC-End--> | |
25 | ||
26 | <!-- ??????????????????????????????????????????????????????????????? --> | |
27 | <hr noshade size=1> | |
28 | <table border=0> | |
29 | <tr valign=top><td><img src="monicon.png" align="bottom" alt=""></td><td> | |
30 | <h3><b><a name="spam">Can I obscure email addresses?</a></b></h3> | |
31 | </td></tr></table> | |
32 | ||
33 | <p>See the <b>SPAMMODE</b> resource. | |
34 | </p> | |
35 | ||
36 | <!-- ??????????????????????????????????????????????????????????????? --> | |
37 | <hr noshade size=1> | |
38 | <table border=0> | |
39 | <tr valign=top><td><img src="monicon.png" align="bottom" alt=""></td><td> | |
40 | <h3><b><a name="spam">How can I prevent web access to <tt>.mhonarc.db</tt> files?</a></b></h3> | |
41 | </td></tr></table> | |
42 | ||
43 | <p>MHonArc database files may contain information that you do | |
44 | not want web users to directly access. The best example is when | |
45 | your archive is customized to obscure email addresses. However, | |
46 | in the MHonArc database file, the original, unobscured, addresses | |
47 | exist. | |
48 | </p> | |
49 | ||
50 | <p>Practically, all web servers provide the ability deny access | |
51 | to files. Refer to your web server's documentation for the specifies. | |
52 | If you are using the <a href="http://httpd.apache.org/">Apache HTTP server</a>, | |
53 | the following configuration directive can be used: | |
54 | </p> | |
55 | <pre> | |
56 | <Files .mhonarc.db> | |
57 | Order allow,deny | |
58 | Deny from all | |
59 | </Files> | |
60 | </pre> | |
61 | <p>If you have <tt>mod_rewrite</tt> enabled, you could use the following | |
62 | instead: | |
63 | </p> | |
64 | <pre> | |
65 | RewriteRule ^(.*)/.mhonarc.db $1 [R=permanent] | |
66 | </pre> | |
67 | <p>This will redirect browsers to the parent directory, which is | |
68 | the actual archive associated with database file. | |
69 | </p> | |
70 | ||
71 | <!-- ??????????????????????????????????????????????????????????????? --> | |
72 | <hr noshade size=1> | |
73 | <table border=0> | |
74 | <tr valign=top><td><img src="monicon.png" align="bottom" alt=""></td><td> | |
75 | <h3><b><a name="htmldata">Why are HTML messages a security risk?</a></b></h3> | |
76 | </td></tr></table> | |
77 | ||
78 | <p>HTML can contain dynamic content, like JavaScript. If an | |
79 | HTML message is blindly archived, you are introducing foreign dynamic | |
80 | content to your web site that you have no control over. The best | |
81 | example of this danger is the problem web-based email sites (e.g. | |
82 | Hotmail) encountered when malicious people were sending HTML messages | |
83 | to web-based email users and the messages contained dynamic content | |
84 | that would popup windows (which had a similiar style of the web-based | |
85 | email hosting provider) requesting sensitive information from | |
86 | users (like passwords). | |
87 | </p> | |
88 | ||
89 | <p>The following is a brief list of some of the security issues | |
90 | related to HTML messages: | |
91 | </p> | |
92 | <ul> | |
93 | <li>Can contain foreign dynamic content. | |
94 | </li> | |
95 | <li>Can autoload URLs (via IMG, and similiar, elements) which | |
96 | can be used to collect statistics on unsuspected readers. | |
97 | </li> | |
98 | <li>Contain hidden contents (like server-side include comments) | |
99 | which may be processed by web servers to execute arbitrary | |
100 | programs or extract arbitrary system files. | |
101 | </li> | |
102 | </ul> | |
103 | ||
104 | <p>MHonArc's HTML filter (documented under the <b>MIMEFILTERS</b>) resource | |
105 | provides functionality of stripping out HTML data to minimize security | |
106 | exploits. Check the document for full details. The general recommendation | |
107 | for the security conscience is to exclude any HTML message data, especially | |
108 | for publicly accessible archives. | |
109 | </p> | |
110 | ||
111 | <!-- ??????????????????????????????????????????????????????????????? --> | |
112 | <hr noshade size=1> | |
113 | <table border=0> | |
114 | <tr valign=top><td><img src="monicon.png" align="bottom" alt=""></td><td> | |
115 | <h3><b><a name="attachments">Why doesn't MHonArc, by default, use the specified filename when saving attachments?</a></b></h3> | |
116 | </td></tr></table> | |
117 | ||
118 | <p>A malicious person could send a message with an attachment filename | |
119 | that could overwrite existing content or be interpreted by the web | |
120 | server in some special manner to execute actions. Example: Apache | |
121 | allows for the support for creating <tt>.htaccess</tt> files to allow | |
122 | configuration settings within a directory. If you have this feature | |
123 | enabled and a message containes an attachment with the specified | |
124 | filename <tt>.htaccess</tt> and MHonArc blindly used the attachment | |
125 | filename, the attachment will override any existing <tt>.htaccess</tt> | |
126 | file you created with a version defined by the sender of the message. | |
127 | </p> | |
128 | ||
129 | <p>Another possibility is that web servers sometimes interpret | |
130 | filenames with certain extensions as executable content, like | |
131 | <tt>.shtml</tt>, <tt>.cgi</tt>, <tt>.phtml</tt>. If MHonArc used the | |
132 | attachment filename, or even just the attachment filename extension, | |
133 | anyone who can send mail that will be archived on your site can | |
134 | introduce executable content. | |
135 | </p> | |
136 | ||
137 | <p>It is because of the above reasons that the | |
138 | <tt><b>m2h_external::filter</b></tt> documented in the <b>MIMEFILTERS</b> | |
139 | resource advises caution when using the filter options that enable | |
140 | the usage of attachment filenames or filename extensions. | |
141 | </p> | |
142 | ||
143 | <!-- ===================================================================== --> | |
144 | <hr> | |
145 | ||
146 | <!--X-NavButtons-Start--> | |
147 | <p align=center> | |
148 | [<a href="mime.html">Prev</a>][Next][<a href="faq.html">TOC</a>][<a href="http://www.mhonarc.org/">Home</a>] | |
149 | </p> | |
150 | <!--X-NavButtons-End--> | |
151 | ||
152 | <HR> | |
153 | <address> | |
154 | $Date: 2002/04/02 06:57:57 $ <br> | |
155 | <img align="top" src="monicon.png" alt=""> | |
156 | <a href="http://www.mhonarc.org/" | |
157 | ><strong>MHonArc</strong></a><br> | |
158 | Copyright © 2002, <a href="http://www.earlhood.com/" | |
159 | >Earl Hood</a>, <a href="mailto:mhonarc@mhonarc.org" | |
160 | >mhonarc@mhonarc.org</a><br> | |
161 | </address> | |
162 | </BODY> | |
163 | </HTML> |