--On Tuesday, March 16, 2004 2:13 PM -0800 Joe Rhett <[EMAIL PROTECTED]> wrote:

On Wed, Feb 04, 2004 at 11:41:06AM -0800, Eric S. Pulley wrote:
In this scenario you are still passing the SALT in clear text to the db
but IMO this is much better than having your users logging in with
plaintext passwords over an open network.  Especially if your DB is on
the same host as cyrus-imap since you can contain it to a socket and not
use a network at all for the DB lookups.

So what is the gain here, really? I may be wrong, but I suspect that you've confused yourself on what you are protecting. If you aren't using TLS, then the password is going over the network in cleartext anyway.

If imapd is on a different host than the db, then the encrypted password
is going with the salt... so effectively cleartext.

Yes, you are correct. However, the SQL query is going over a switched network segment you have control over not the Internet at large. Or even better a socket on a black box. If your config requires you to pass the SQL query over an insecure subnet then you should, of course, SSL encode the DB connection. This allows you to use cram or digest at the mail client leaving the admin to deal with the security of the backend, not some confused user setting up their account. Plus it still allows the admin access to the cleartext password in the DB.


But it all comes down to where you want to take your risks. I'm not saying you shouldn't use TLS/SSL wherever you can in addition to any other security you have in place. This solution is specifically to allow cram and digest connections to the imap server from the Internet while still having a cleartext password in the SQL table. I would not recommend it if you do not have this requirement.
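The CRAM-MD5 exchange the thread is discussing, written out as an added example (not code from the thread or from Cyrus): the client only sends a keyed digest of the server's challenge, so the cleartext password never crosses the client-to-IMAP link, but the verifier must hold the cleartext password (or an HMAC-MD5 intermediate state), which is why the SQL table keeps it. The user table, host name and password are constructed sample values; the base64 framing RFC 2195 wraps around the messages is omitted.

```python
import hashlib
import hmac
import os
import time

# Constructed stand-in for the SQL table: the server needs the cleartext
# password because CRAM-MD5 keys an HMAC with the password itself.
USER_TABLE = {"alice": "s3cret-pass"}  # constructed sample row


def make_challenge(host="mail.example.test"):
    """Server side: RFC 2195 challenge of the form <random.timestamp@host>."""
    return f"<{os.urandom(8).hex()}.{int(time.time())}@{host}>"


def client_response(username, password, challenge):
    """Client side: 'username hexdigest', digest = HMAC-MD5(password, challenge)."""
    digest = hmac.new(password.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return f"{username} {digest}"


def server_verify(response, challenge, table=USER_TABLE):
    """Server side: recompute the HMAC from the stored cleartext password and
    compare in constant time. Returns the authenticated username or None."""
    try:
        username, digest = response.split(" ", 1)
    except ValueError:
        return None
    password = table.get(username)
    if password is None:
        return None
    expected = hmac.new(password.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return username if hmac.compare_digest(expected, digest) else None


def run_exchange(username, password, table=USER_TABLE):
    """Full round trip: only the challenge and the digest cross the wire, and
    the digest is bound to this one challenge, so it cannot be replayed later."""
    challenge = make_challenge()
    response = client_response(username, password, challenge)
    assert password not in response  # the cleartext never leaves the client
    return server_verify(response, challenge, table)


if __name__ == "__main__":
    print(run_exchange("alice", "s3cret-pass"))  # alice
    print(run_exchange("alice", "wrong"))        # None
```

Note that the DB lookup in `server_verify` is where the thread's concern lives: the query carrying the password travels from imapd to the database, so that hop needs the socket or SSL protection described above.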


--- Home Page: http://asg.web.cmu.edu/cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
