Re: CBE - Controle by E-mail vr 1.1

That's horribly insecure and allows anyone who finds out (or guesses) the recipient address and a valid phone number to run any command they like on your machine.

To do this at least somewhat securely you should encrypt your command with a private key unique to the sender and only execute if it can be decrypted with the public key stored on the recipient machine. Personally I'd still not use that and rather set up a system that performs specific actions only (instead of blindly executing any command it receives), but that's just me.

All dogma is stupid.

Comment on Re: CBE - Controle by E-mail vr 1.1 Download Code

Replies are listed 'Best First'.
Re^2: CBE - Controle by E-mail vr 1.1 by w3b (Beadle) on Mar 20, 2006 at 12:58 UTC
I think about this.... in next version you have to write password in subject, and then the commend will run. Thanks for suggestions	[reply]
Re^3: CBE - Controle by E-mail vr 1.1 by tirwhan (Abbot) on Mar 20, 2006 at 13:13 UTC
That's still no good. Email is cleartext and, unless you're using the SMTP server on the same host as the POP server, has to pass through multiple hosts over which you probably have no control. Anyone can read the cleartext password on the way, you need to use some form of encryption if you want to have a mechanism that's even borderline secure. All dogma is stupid.	[reply] [d/l]
Re^4: CBE - Controle by E-mail vr 1.1 by w3b (Beadle) on Mar 20, 2006 at 14:02 UTC
Yes it's true... hmmm next good sugestions =] i will remeber about it in next version... i will use ssl	[reply]