> Is there any possibility that to encrypt the password column in the > SQL database? If we use any third party tool and encrypt the > password column, will Imail understand this.
Nope. Unless your ODBC driver can do the decryption before it feeds the information back to IMail. > what should be done in the Imail side to understand this encrypted > password? Writing a custom ODBCUSER.DLL would make this possible. It is not recommended, a very complex development task not to be taken lightly under any circumstances. Is the rest of your environment truly that secure? Are you requiring APOP and HTTPS for all accounts? Are there personnel who are required to read all of the IMail table columns, but who are not allowed to know the passwords? Personnel who are required to have full access to the IMail server, but are not allowed to know the passwords? Are you concerned about on-the-wire sniffing, which could be taken care of with ODBC-level encryption? > Guys through some light on this. Encryption that allows decryption from user mode without user intervention is not very secure. No matter how you slice it, if the password is being transmitted in the clear from process to process (as would still be true with a custom DLL), it can be grabbed by a skilled cracker who has previously compromised your server--not to mention the other havoc that could be wreaked with access to all incoming and outgoing mail at the source! -Sandy To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
