Hacker News new | past | comments | ask | show | jobs | submit login

After reading about rainloop I could see wanting to run it locally, but as soon as you put it on a VM somewhere you're create a very public access point for all of your email accounts if that server gets compromised aren't you? Seems like creating a weak link on purpose.



I don't know specifically about RainLoop, but I usually put services like that behind a BasicAuth on the web server. It's a simple but effective way to protect myself from PHP/application vulnerabilities - at a minor annoyance to the users (authenticating twice, every once in a while).


It's no less safe than running a desktop email client and leaving that computer up 24-7.


I don't think that's true. A home computer can be firewalled with no incoming connections allowed. Your VM in the cloud has potential attack vectors through your own control interfaces (http/ssh/pop/imap) as well as the hosting control panel. In addition it may be listening for incoming smtp. I might trust myself to configure all of those securely but I'm not sure.


You don't need to put it in the cloud. Just run it from inside your local network. If you want to access it from outside, you can setup a VPN.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: