-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On November 25, 2001 06:20 am, Branko Ivanović wrote: > I would like to ask if anyone has some expirience working with or security > auditing WebMail program, written in PHP, called SquirrelMail. As I can see > in version 1.06 and 1.2.0rc2 it is using IMAP, which I consider as highly > insecure protocol. Correct me please if I`m wrong. If it`s a bad choice for > WebMail access, then what are alternatives?
I don't know about any insecurities in the IMAP protocol itself other than cleartext transmission (I would look for servers and clients that support some form of encryption, like I have with POP). I'm planning to use this too, but since it's only for a private online access system and it will be running on the mailserver, I plan to put it in a restricted section of my SSL server. - -- Richard Garand - r i c h a r d @ g a r a n d n e t . n e t (L)ICQ: 12190132 - http://www.garandnet.net "...systems wrongly configured with Microsoft SQL Server software..." -- ZDNet -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8At+9juZKnjxs0fMRAm+VAKC1ciSkrALRtWUIkEohVqv/JZCSqwCg+fij nqo9QIWIIvBOR16NOlitRbo= =JX8C -----END PGP SIGNATURE-----
