In addition to EmmArrBee's bug report that TW should not send spoofed mails, I would like to add something on top. Nowadays, admins might want to reassure their users that mails from a Tiki installation really are genuine. There are several ways towards this goal.
I would like to sort them by importance and ease of integration like this:
DKIM needs at least some assistance by the ISP, but some parts can be integrated into Tiki. DKIM will soon become necessary for not getting spam-filtered.
Signing and encrypting actually do not need much, because the cryptographic part can be fully outsourced to a pre-existing GPG. It should be checked whether GPG_PATH is set (usually to /opt/gnupg/bin/gpg). A keyring must exist or be created,
The only tricky thing that comes to my mind is the handling of the passphrase. As we cannot ask the admin to enter the passphrase each and every time, we must store it somewhere, which opens a security risk of it getting compromised. So admins should be advised that they create a key and passphrase that can be easily exchanged if compromised. Admins shall be advised to not use their (or someone else's) personal keys for this purpose under ANY circumstance! For comfort, the revoking of the old key could become a Tiki feature somewhere.
To help developers solve the bug, we kindly request that you demonstrate your bug on a show2.tiki.org instance. To start, simply select a version and click on "Create show2.tiki.org instance". Once the instance is ready (in a minute or two), as indicated in the status window below, you can then access that instance, login (the initial admin username/password is "admin") and configure the Tiki to demonstrate your bug. Priority will be given to bugs that have been demonstrated on show2.tiki.org.
To help developers solve the bug, we kindly request that you demonstrate your bug on a show.tikiwiki.org instance. To start, simply select a version and click on "Create show.tikiwiki.org instance". Once the instance is ready (in a minute or two), as indicated in the status window below, you can then access that instance, login (the initial admin username/password is "admin") and configure the Tiki to demonstrate your bug. Priority will be given to bugs that have been demonstrated on show.tikiwiki.org.
filename | created | hits | comment | version | filetype | ||
---|---|---|---|---|---|---|---|
No attachments for this item |