On Fri, 30 Nov 2001, Gary McKinney wrote:
[snip]
One caveat here - make sure you are running 128-bit encryption as there is
hardware available now that would allow brute-force decryption of 64-bit DES
in about 48-hours or so... (Ah - the wonders of technology) and do not cost
a great deal
: Thursday, November 29, 2001 2:02 PM
To: .:[Travis]:.
Cc: Johannes Verelst; Branko Ivanovic';
[EMAIL PROTECTED]
Subject: Re: Squirrel Mail - just how secure it is?
Why not just use https (port 443) connections? Just look through the
apache documentation to have it work for SSL and disable
Why not just use https (port 443) connections? Just look through the
apache documentation to have it work for SSL and disable access to
squirremail via http (port 80). Then there won't be clear text
passwords. This should be independant of Squirrelmail. SSL is enabled
here on a Redhat 7.2
On Tue, 27 Nov 2001, Johannes Verelst wrote:
Well ... if you consider IMAP insecure, what protocol do you consider
secure? What is your definition of secure protocols? Reading mail through
pine telnet is insecure, pop3 is insecure, webmail through unencrypted
HTTP is insecure, IMAP is
On Tue, 27 Nov 2001, .:[Travis]:. wrote:
[snip]
I consider IMAP insecure, however, I run Squirrel mail on the same
machine I have the mail server on and while I am running IMAP I simply
firewall it's services so that no one may access it external to the server
and allow Squirrel mail to
Paul Leroy
-Original Message-
From: Richard Garand [mailto:[EMAIL PROTECTED]]
Sent: 27 November 2001 02:35
To: Branko Ivanovic; [EMAIL PROTECTED]
Subject: Re: Squirrel Mail - just how secure it is?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On November 25, 2001 06:20 am, Branko Ivanovi
As opposed to...? Isn't that ALWAYS true? Of EVERYTHING?
[EMAIL PROTECTED] wrote:
ummh well it is not a bad webmail program but security is only as good as
the administrator who implements it!
[snip]
--
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566
On Sun, Nov 25, 2001 at 01:20:28PM +0100, Branko IvanoviU wrote:
Hello group,
I would like to ask if anyone has some expirience working with or security
auditing WebMail program, written in PHP, called SquirrelMail. As I can see
in version 1.06 and 1.2.0rc2 it is using IMAP, which I
ummh well it is not a bad webmail program but security is only as good as
the administrator who implements it! i think ...i got a nice working
version of squirrelmail hasnt given me any problems so far and if you want
a webmail program you have to use some sort of IMAP regardless of how
What do you mean by how secure is it?
is your requirement for the internet or the intranet.
My honest oppinion is that it is relatively insecure
given that clear text user id and passwords are
traveling thru your network connection
I have not attempted to use squirrel on ssl
but last i heard it
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On November 25, 2001 06:20 am, Branko Ivanovi wrote:
I would like to ask if anyone has some expirience working with or security
auditing WebMail program, written in PHP, called SquirrelMail. As I can see
in version 1.06 and 1.2.0rc2 it is using
On Sun, 25 Nov 2001, Branko [iso-8859-2] IvanoviƦ wrote:
Hello group,
I would like to ask if anyone has some expirience working with or security
auditing WebMail program, written in PHP, called SquirrelMail. As I can see
in version 1.06 and 1.2.0rc2 it is using IMAP, which I consider as
12 matches
Mail list logo
