AlternC

fixing Dovecot Quotas computing + removing duplicate code

fixed: Fixed at ​http://git.alternc.org/projects/alternc.git/commitdiff/1be8bc1 & ​http://git.alternc.org/projects/alternc.git/commitdiff/d6f0d0e

starting changelog of 3.1.2 and 3.2.2, fixing dovecot-managesieved dependency

[fix] debian debconf settings for mysql : read from /etc/alternc/my.cnf

fixed

[fix] debian debconf settings for mysql : read from /etc/alternc/my.cnf

fixed: fixed on Sept 29 2014

fixing cron reporting, not doing report when nothing was spit out of the user's script

Suite à un audit d'un serveur utilisant Alternc, j'ai eu le retour suivant. À défaut de SSL, il me semblerait pertinent de faire comment certains CMS, et de rajouter une petit surcouche js pour envoyer quand cela est possible un mot haché. THREAT: ... [More] The Web server uses plain-text form based authentication. A web page exists on the target host which uses an HTML login form. This data is sent from the client to the server in plain-text. IMPACT: An attacker with access to the network traffic to and from the target host may be able to obtain login credentials for other users by sniffing the network traffic SOLUTION: Please contact the vendor of the hardware/software for a possible fix for the issue. For custom applications, ensure that data sent via HTML login forms is encrypted before being sent from the client to the host. EXPLOITABILITY: There is no exploitability information for this vulnerability. ASSOCIATED MALWARE: There is no malware information for this vulnerability. RESULTS: GET / HTTP/1.1 Host: serveralternc Connection: Keep-Alive <form action="login.php" method="post" target="_top"> <table border="0" style="border: 1px solid #202020;" cellspacing="0" cellpadding="3" width="300px" > <tr><th colspan="2" align="center">AlternC access</th></tr> <tr><th align="right"><label for="username">Username</label></th><td><input type="text" class="int" name="username" id="username" value="" maxlength="128" size="15" /></td></tr> <tr><th align="right"><label for="password">Password</label></th><td><input type="password" class="int" name="password" id="password" value="" maxlength="128" size="15" /></td></tr> <tr><td colspan="2" align="center"><input type="submit" class="inb" name="submit" value="Enter" /><input type="hidden" id="restrictip" name="restrictip" value="1" /></td></tr> </table> </form> [Less]

rewrite the account deactivation code to make sure it works with mailboxes and restores properly