Opened 10 years ago

Closed 6 years ago

#451 closed Bug/Something is broken (duplicate)

centralized webmail should be able to guess the user's "home" server

Reported by: https://id.mayfirst.org/dkg Owned by: https://id.mayfirst.org/jamie
Priority: Medium Component: Tech
Keywords: webmail central-webmail Cc:
Sensitive: no

Description

Why make users of the centralized webmail app select which server they're trying to log into?

Given the username, would it it possible to know who "belongs" to which server?

Would it be possible for the centralized webmail app to make that decision for the user so they only need to know their MF/PL user name?

The simpler we make this tool, the easier it will be for people to transition to it.

For example, the initial login (just username and password) could submit to special page that does a username -> host lookup, and then forwards the request (including the host now) to the actual login URL, proxying the response back to the user, who continues without needing to think about the lookup.

Change History (6)

comment:1 Changed 10 years ago by https://id.mayfirst.org/jamie

That sounds like a great idea. I don't think it should hold up the transition to the new system (we really need to start putting members on mandela), however, it would be a useful new project.

comment:2 Changed 10 years ago by https://id.mayfirst.org/dkg

I agree with your assessment of priorities. I wanted to record this here so we didn't forget it, though. The components that would be needed to make this work are:

  • a way for some agent on the centralized webmail server to perform username -> primary-host lookups
  • the ability to either make a proxied connection, or make a plugin for the IMP or squirrelmail login systems

We'd also need to figure out how to deal with login failures -- do we show people the choice of server during login failure? or do we show the more-minimal form?

comment:3 follow-up: Changed 10 years ago by https://id.mayfirst.org/jamie

Yes, and while it's on my mind:

Is there value in re-enforcing in people's minds the name of their primary host?

Regarding the first component: is this privileged information (the link between username and primary host)?

comment:4 in reply to: ↑ 3 ; follow-up: Changed 10 years ago by https://id.mayfirst.org/dkg

Replying to https://id.mayfirst.org/jamie:

Is there value in re-enforcing in people's minds the name of their primary host?

I don't see any value in it, but i could be missing something. Do you see any value in it?

Regarding the first component: is this privileged information (the link between username and primary host)?

Why would that information be privileged? What forms of threat do you imagine protecting against by keeping it private? One concern might be that fully-publishing the list would expose the list of usernames themselves, i suppose. But you wouldn't need to fully publish the list to just allow queries against it from either of the webmail systems.

comment:5 in reply to: ↑ 4 Changed 10 years ago by https://id.mayfirst.org/jamie

Replying to https://id.mayfirst.org/dkg:

Replying to https://id.mayfirst.org/jamie:

Is there value in re-enforcing in people's minds the name of their primary host?

I don't see any value in it, but i could be missing something. Do you see any value in it?

Perhaps to assist when ssh'ing or sftp'ing to their web site - so they know which fingerprint to look for. Also - if they use phpmyadmin, they will still need to know the name of their primary host. And - for setting up desktop email clients - they will need to know as well. Arguably, these are one time setups - and they can reference their primary host in the control panel.

Regarding the first component: is this privileged information (the link between username and primary host)?

Why would that information be privileged? What forms of threat do you imagine protecting against by keeping it private? One concern might be that fully-publishing the list would expose the list of usernames themselves, i suppose. But you wouldn't need to fully publish the list to just allow queries against it from either of the webmail systems.

Yeah - my only idea of how to exploit it would be to test the validity of usernames. A bot could run through a list of common usernames and determine which were in use on our servers and on which servers, which could assist in a dictionary attack.

We could always respond, even for an invalid username, by displaying a randomized server name :).

comment:6 Changed 6 years ago by https://id.mayfirst.org/dkg

  • Resolution set to duplicate
  • Status changed from new to closed

I think this is going to ultimately be resolved by #5551

Please login to add comments to this ticket.

Note: See TracTickets for help on using tickets.