Bug#440290: ITP: phamm -- Phamm (PHP LDAP Virtual Hosting Manager) is a front-end written in PHP to manage virtual service's using a LDAP directory backend.
Steve Kemp wrote:
> Before uploading this please please check for security issues.
> Control panels are notorious for them, and immediately upon
> running the online demo at the upstream homepage we can find
> three or four.
>
Thanks for reply.
PHP frontend manage LDAP database only, login use a real LDAP DN
so ACL permission set in /etc/ldap/phamm.acl set right write/read
permission on the database so PHP bug is not real danger for database.
Developer choose do not set suid permission to www-data for operations
that manipulate filesystem, a set of script run in cron with user "vmail"
to create/delete mailbox (for example).
PHP frontend - LDAP Backend - Server services are three components that
can be installed in the same system, two or three due configuration
This is a on-line demo (unstable version)
http://demo.phamm.org/phamm05/www-data/main.php
(Login with manager:rhx)
Stable version used in production since 2005 on varius server. We started
to develop Phamm project because Jamm project (similar project but written
in JSP) do not longer develop.
I submit to PHPLdapAdmin project some patchs in 2005, I also use
little portion of pla code in phamm.
Alessandro De Zorzi
Reply to: