[Gllug] recommendations for webmail software?

[Richard Cohen]

On 23/03/06, Tethys <sta296 at astradyne.co.uk> wrote:
>
> "Richard Cohen" writes:
>
> >However, based on previous experience, I've developed a dislike for
> >PHP, and particularly for off-the-shelf, public-facing PHP
> >applications.  They just have too much of a history of security and
> >other problems for me to want to deal with them.
>
> It should be pointed out that virtually all of the exploits have been
> due to poorly written applications, rather than because of vulnerabilities
> in PHP itself. However, I understand your concerns completely, and I've
> avoided going the PHP webmail route for my family for exactly the same
> reasons.

Yes, so in theory, I'd be happy running a PHP webmail I'd written
myself, or one written by someone I actually know and trust to run
public-facing code on my machine.  Unfortunately (or fortunately), I
don't speak PHP and have no interest in learning, and I don't know of
any webmail apps written by the relatively small number of 'big name'
developers I trust. Plus, I would prefer to just keep PHP as a whole
off my machine :-)  Also, to be honest, while I'd be reasonably happy
having a go at writing such a beast in Python, the interface would
suck... I'm not much of an interface person...

Unfortunately, the family are used to the existing setup on my
existing host, which I'm in the process of migrating away from.  My
sister, in particular, spends a lot of time on-site at various jobs
(TV shows) and doesn't have her own machine with her, so needs
something stateless.

> Have you considered coming up with a suitable SELinux policy? That way,
> your app may be compromised but the rest of your system won't be.

Given that this is on a UML virtual machine at Bytemark running a 2.4
kernel, I think that may be somewhat of a dead end... good thought
though.

> Tet

Cheers
Richard
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug