Mark Crispin <[EMAIL PROTECTED]> > I recently received a request to allow plaintext passwords in unencrypted > connections if the connection is localhost, even if plaintext passwords are > otherwise forbidden in unencrypted connections. > > I see no reason not to do this in UW imapd (and make a user very happy), but > before I do it I'd like to get a sanity check from the community -- is there > any reason why this might be a bad idea?
I'm inclined to agree with that user. Makes sense for stunnel port 993 tunnels etc. But I'd think hard about whether there might be less benevolent tunnels out there: http://www.bronnenberg.net/antispam/dsl.cable.redirect.html suggests there are (in a different context). --Arnt
