top | item 27721934

(no title)

jarland | 4 years ago

How do you track the name without tracking the password itself? The IMAP standard doesn't provide a function for this. You'd have to log the password used and do it that way. It'd be hard to implement such a thing with the base protocol without adding a security concern.

Then again I'm not a software developer, I'm an admin and hope to be hiring a dev this year. MXroute works mostly on open source or licensed software, with a heavy focus on custom in-house configuration being around the outbound relays, as the initial focus of MXroute was based on getting emails to their recipients, no matter the cost. These days, that's increasingly difficult and time consuming for a lot of people (IP reputation, etc).

discuss

joshka|4 years ago

I'm a dev not an admin. Change your password query from something like (pseudo code)

    SELECT username, ... FROM applications WHERE username = ? AND password = MD5(?)

    SELECT username + ' ' + applicationName FROM ... (as above)

Then log the user name for each session, or return an extra field that is the app name when doing a password check (assumes your MX can do this). This is the general idea, and it's more pointing out why the advice is wrong, than talking about how to fix it and make it possible.