EGroupware already implemented the highest security measures, e.g. passwords are encrypted by default using the Blowfish algorithm. So even if someone managed to break into your server and steal the database, your passwords are safe!
With 14.1 we improved security even further, and implemented two security measures not to be found in comparable products.
Content Security Policy: ultimate measure against cross-site scripting
EGroupware was already quite safe in that regard due to its innovative eTemplate engine rendering our user interface. Though there are more ways than pure user input to generate XSS.
Mail passwords in 14.1: stored now in their own password safe
To be able to authenticate to an arbitrary IMAP or SMTP server one needs a username and a cleartext / unencrypted password.
Previous EGroupware versions already allowed using the user's login password, which is not stored anywhere permanently on the system. This required a mail server integrated with EGroupware, e.g. via LDAP.
The newly written mail app in 14.1 not only brings the user experience to a new level, it also improves security by safely storing mail passwords encrypted with the user's login password. This means, together with the up-to-date secured passwords mentioned above, that a stolen database does not reveal your passwords!
You might ask what happens if a user changes his password. If that is done from within EGroupware, the mail passwords are automatically decrypted with the old password given by the user and re-encrypted with the new one. If an admin resets a password, he will not get access to the user's (private) mails!
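The scheme described above, sketched as an added example that is not EGroupware's code: a key derived from the login password encrypts the mail password, a user-initiated change re-wraps the record, and an admin reset leaves it unreadable. scrypt, AES-256-GCM and all function names are assumptions; the page does not name the algorithms the mail app uses.

```javascript
// Added illustration, not EGroupware code. scrypt and AES-256-GCM are assumed
// choices; the page does not say which KDF or cipher the mail app uses.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// Derive a 256-bit key from the login password and a per-record salt.
function deriveKey(loginPassword, salt) {
  return scryptSync(loginPassword, salt, 32);
}

// Encrypt a mail password; only salt, nonce, tag and ciphertext get stored.
function sealMailPassword(loginPassword, mailPassword) {
  const salt = randomBytes(16);
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', deriveKey(loginPassword, salt), iv);
  const ct = Buffer.concat([cipher.update(mailPassword, 'utf8'), cipher.final()]);
  return { salt, iv, tag: cipher.getAuthTag(), ct };
}

// Return the mail password, or null when the login password does not match
// (the GCM tag check in final() fails under a wrong key).
function openMailPassword(loginPassword, rec) {
  const decipher = createDecipheriv('aes-256-gcm', deriveKey(loginPassword, rec.salt), rec.iv);
  decipher.setAuthTag(rec.tag);
  try {
    return Buffer.concat([decipher.update(rec.ct), decipher.final()]).toString('utf8');
  } catch {
    return null;
  }
}

// User-initiated change: the old password is supplied, so the record is re-wrapped.
function changeLoginPassword(oldPassword, newPassword, rec) {
  const mailPassword = openMailPassword(oldPassword, rec);
  if (mailPassword === null) throw new Error('old login password does not open the record');
  return sealMailPassword(newPassword, mailPassword);
}

// Constructed sample values. An admin reset replaces the login password without
// the old one, so the stored record stays sealed under the old key.
function demo() {
  const stored = sealMailPassword('old-login-pw', 'imap-secret');
  const rewrapped = changeLoginPassword('old-login-pw', 'new-login-pw', stored);
  return {
    afterChange: openMailPassword('new-login-pw', rewrapped),
    oldPasswordAfterChange: openMailPassword('old-login-pw', rewrapped),
    afterAdminReset: openMailPassword('admin-set-pw', stored),
  };
}

console.log(demo());
```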
EGroupware's new security features outlined above, together with our automatic and prompt security updates via the package manager of your Linux distribution or Stylite AG's specialized EGroupware and email hosting, recommend it as a safe alternative for your groupware or team organization needs.
Our hosting offers state-of-the-art encrypted connectivity with perfect forward secrecy (intercepted communication cannot be decrypted with later acquired keys), from web access to incoming and outgoing mails. All our servers are within Germany under our full control. They use only the latest software versions and are permanently updated. Security-relevant incidents like the recent Heartbleed bug were mitigated within hours!
Director Software Development