Re: which pop3/imap secure method should I use?
On Monday 13 June 2005 04:23 pm, LeVA wrote: Hi! I've configured a courier-imap server with pop3(-ssl) and imap(-ssl) support. Now I can not decide which combination of methods is the most secure (first of all) and most usefull (lastly) for me. The courier server supports both SSL and TLS, and I can use PLAIN and CRAM-MD5 methods for authentication. My mail user agent supports all of the above, so I would really appreciate if someone could tell me which configuration is the most secure way. TLS and SSL are equally secure. TLS is easier on your system's resources; Courier-IMAP runs a seperate daemon for SSL connections, which you don't need if you use TLS. PLAIN is easier to set up. IIRC, CRAM-MD5 requires a seperate password file. Shouldn't be a risk if you're only using PLAIN over TLS. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: which pop3/imap secure method should I use?
On Monday 13 June 2005 04:41 pm, LeVA wrote: 2005. jnius 14. 01:36, Ian Eure [EMAIL PROTECTED] PLAIN is easier to set up. IIRC, CRAM-MD5 requires a seperate password file. Shouldn't be a risk if you're only using PLAIN over TLS. I understand that with TLS or SSL the clear text passwords are secured, so do you think that an SSL + CRAM-MD5 combination is just a usesell complication of the problem, and I should stay with the SSL(or TLS) + clear text auth or with the no connection encryption + CRAM-MD5 auth? I don't see why it would be helpful, unless you're trying to keep your info secret from a determined/resourceful attacker. But an attacker like that would probably get it anyways. I use TLS PLAIN, and encrypt/sign my messages with GPG for my business email, and I think that's plenty secure for my needs.
Re: Please allow drupal 4.5.3-1
On Wednesday 01 June 2005 04:54 pm, Hilko Bengen wrote: Just a few hours ago, the Drupal project has released version 4.5.3, a bugfix release which fixes a serious security bug. I have created and just uploaded a 4.5.3-1 package to unstable. Updated Debconf translations are the only additional changes over 4.5.2-3 which is the version in sarge. Any reason why you can't just apply the patch to fix that specific bug? And you probably want to be emailing the release team... -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Apache 1.3.33 (from sarge) and mod_chroot
On Wednesday 23 March 2005 10:31 pm, Krzysztof Jwiak wrote: Hello! My web server was hacked a few days ago and I decided to install some new program and modules which improve security. I find in sarge libapache-mod-chroot which chroot apache (and it work fine) but I can't send mail from php. I installed ssmtp in chroot (I think so) in chroot environment but it doesn't help :( Does anyone use this module? Perhaps I do something wrong with it ssmtp... It has been my experience that PHP doesn't work with ssmtp, at least not with the default ssmtp/PHP configurations in Debian. It's probably better to install exim with a minimal config anyways, so you don't lose messages if the smarthost/target system is unavailable.