Its not hard to enable HTTP authentication.
On May 13, 2008, at 1:07 AM, Jens Alfke wrote:
On 12 May '08, at 10:57 PM, Omar Qazi wrote:
I have an app that sends emails, and what I did is have it post the
message parameters to my server. Then, a PHP page processes the
parameters and sends
On 13 May 08, at 17:40, Matt Burnett wrote:
Now your talking about hackers instead of spammers. It is hard to
sniff a HTTP session, you have to penetrate your victim's network
enough to be able to do so.
You're assuming that the application is only ever used in a trusted
environment,
On 12 May '08, at 10:57 PM, Omar Qazi wrote:
I have an app that sends emails, and what I did is have it post the
message parameters to my server. Then, a PHP page processes the
parameters and sends mail using PHP.
Cool! What's the address of your PHP script? I have a couple million
Well in my case, the script only let's you send email in a specific
format (i.e. Hey __, Your friend ___ sent you _), but
thats a good point. It's not an unsolvable problem though, all you
need is some way to make sure the request is really coming from your
application, like
On 13 May '08, at 4:35 PM, Matt Burnett wrote:
Its not hard to enable HTTP authentication.
It's also not hard to eavesdrop on the HTTP session using tcpdump, or
to debug or disassemble the app to recover the password.
In other words, putting a shared secret into an application
On 13 May '08, at 5:40 PM, Matt Burnett wrote:
Now your talking about hackers instead of spammers.
There's not really a difference nowadays, since most spam is sent from
pwned servers/PCs.
It is hard to sniff a HTTP session, you have to penetrate your
victim's network enough to be able
I'm used pantomime framework to send mail without using any email
client.But the connection is established,after that serviceInitialized
method doesn't run.I given correct server,name and password.Anybody can
help me?
When the try to use Mailcore framework,the connectToServer function
throwing