On Thu, Feb 21, 2008 at 02:05:49PM +0000, Mário Gamito wrote:
> What I'm trying to do is to pass a URL from the login server to the 
> email server:
> http://mail.foobar.lan/login.php?username=gamito&clearpass=secret 
> Fact is, I don't know much about what I should do with this.
> The webmail (IMP) authenticates via IMAP (Courier).
> Ideas ?

Big NONO for passing the cleartext password like that..

Here's one idea:

1. When the user logs in to the login server it does SQL
or some other backend to save the user's login credentials like:

Key                     User    Pass    Timestamp

Where the key can be something like:
sha1sum("SECRET"+"username"+"password"+rand())

2. Save the SHA1 somewhere, to use when the user wants email

3. And then patch the IMP to accept param loginhash=<SHA1SUM>.
So you point your user to login.php?loginhash=SHA1SUM
Check the backend that the SHA1SUM is found and isn't expired.
Give IMP the user and pass to go forward..


-- 
 Jani Ollikainen   http://iki.fi/bestis/
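
The handoff described in the reply above, as an added Python sketch (not code from the original post or from IMP). The table name `login_handoff`, the function names, the 60-second lifetime and single-use deletion are assumptions; the key comes from a CSPRNG instead of the `sha1sum(...)` formula, so it is not derived from the password.

```python
import secrets
import sqlite3
import time

TTL_SECONDS = 60  # assumed lifetime; the post only says the key must expire


def open_store(path=":memory:"):
    """Backend table with the columns from the post: Key, User, Pass, Timestamp."""
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS login_handoff ("
        "key TEXT PRIMARY KEY, user TEXT NOT NULL, "
        "pass TEXT NOT NULL, ts REAL NOT NULL)"
    )
    return db


def issue_loginhash(db, user, password, now=None):
    """Login-server side: store the credentials and return an opaque key."""
    now = time.time() if now is None else now
    # Swapped in for sha1sum(SECRET+user+pass+rand()): a CSPRNG value,
    # 40 hex characters like a SHA-1 digest, unrelated to the password.
    key = secrets.token_hex(20)
    with db:
        db.execute("INSERT INTO login_handoff VALUES (?, ?, ?, ?)",
                   (key, user, password, now))
    return key


def redeem_loginhash(db, key, now=None):
    """Webmail side: return (user, password) once, or None if unknown or expired."""
    now = time.time() if now is None else now
    with db:
        # Take the write lock first so two concurrent redemptions
        # cannot both read the same row.
        db.execute("BEGIN IMMEDIATE")
        row = db.execute(
            "SELECT user, pass, ts FROM login_handoff WHERE key = ?", (key,)
        ).fetchone()
        # Delete on every lookup: a key copied from browser history,
        # a proxy log or a Referer header cannot be replayed.
        db.execute("DELETE FROM login_handoff WHERE key = ?", (key,))
        # Purge abandoned rows so stored passwords do not linger.
        db.execute("DELETE FROM login_handoff WHERE ts < ?", (now - TTL_SECONDS,))
    if row is None or now - row[2] > TTL_SECONDS:
        return None
    return row[0], row[1]
```

The login server would redirect to `login.php?loginhash=<key>`, and the patched webmail would call the equivalent of `redeem_loginhash` before handing the credentials to IMAP.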
