RE: [IMail Forum] Login

[ron]

Then I believe changing the form action to something like https://mail.domain.com:8384/login.cgi will maintain encryption over the 'net. Of course, you'll need SSL enabled in Web Messaging.   -Ron -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Michael Kowalski Sent: Tuesday, August 08, 2000 12:39 PM To: [EMAIL PROTECTED] Subject: Re: [IMail Forum] Login Our login page will be SSL encrypted.  What I am trying to avoid is passing the information in an unsequre form from page to page.      ----- Original Message ----- From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, August 08, 2000 12:35 PM Subject: RE: [IMail Forum] Login It would put them in hidden fields on the html form, so that user (only) could see them with a View Source. Passing them to the login form is no less secure than any other html post with the username and password. So, in effect, the method is no less secure than a standard, non-SSL login form... for anyone else to get the username and password, they'd need to be sniffing the packets. And that's doable even with regular password fields.   -Ron -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Michael Kowalski Sent: Tuesday, August 08, 2000 11:25 AM To: [EMAIL PROTECTED] Subject: Re: [IMail Forum] Login I'm not sure that this would be acceptable because we have some imposed security requirements.  Wouldn't this put the UserName and Password in plain text for anyone to see.  Any more thoughts would be appreciated. ----- Original Message ----- From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, August 08, 2000 11:41 AM Subject: RE: [IMail Forum] Login Mike,   Someone asked that question here yesterday. Here was my answer: Check out our sample form code at http://hksi.net/imail-login.htm. To make it "automatic", change the userid and passwd fields to type="hidden", then fill their values with ASP code, probably something like value="<%=UserName%>" and value="<%=Password%>". Then, all the user has to do is click the Submit button (or a link that triggers a JavaScript form submission), and they'll be logged right in. Also, there is no API into the heart of IMail. But we can still dream... :) Hope this helps, Ron ron allen hornbaker    humankind systems, inc.     mailto:[EMAIL PROTECTED] HKSI WebMail Templates for IMail v6x ~ Now 607 Installations Worldwide Demo: http://mail.hksi.net   Buy: http://humankindsystems.com/products   -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Michael Kowalski Sent: Tuesday, August 08, 2000 10:19 AM To: [EMAIL PROTECTED] Subject: [IMail Forum] Login We are evaluating whether to purchase the IMail package.  We have a need for a common login area that provides access to several resources.  Email is one of them.   We want the user to be able to login once and have access to any of the resources without having to login again.(The resources will be on different servers).   After a quick tour of the product I was not able to find any exposure of the API other than through the tags and templates.  Is there an interface that can be accessed programatically.  Or is there another way to credential a user outside the provided Login.cgi, and have that information forwarded to the mail system for authentication.   Any help provided will be greatly appreciated.   Thanks,   Mike Kowalski