On Sun, 25 Nov 2001, Branko [iso-8859-2] Ivanoviæ wrote: > Hello group, > > I would like to ask if anyone has some expirience working with or security > auditing WebMail program, written in PHP, called SquirrelMail. As I can see > in version 1.06 and 1.2.0rc2 it is using IMAP, which I consider as highly > insecure protocol. Correct me please if I`m wrong. If it`s a bad choice for > WebMail access, then what are alternatives?
Well ... if you consider IMAP insecure, what protocol do you consider secure? What is your definition of secure protocols? Reading mail through pine & telnet is insecure, pop3 is insecure, webmail through unencrypted HTTP is insecure, IMAP is insecure. The idea of SquirrelMail is that it connects to an IMAP server at 'localhost' (at least, that is what I presume. I tried horde/imp once and it did exactly that). If you configure your IMAP server that it only listends on 'localhost', you are safe for the mail part. Ofcourse, you'll be needing SSL over HTTP to be sure that password & email remain protected. Regards, Johannes Verelst > Regards, > > Branko Ivanoviæ > System Administrator > Faculty of Economics, Belgrade University > -- /===================================\ /====================================\ | Johannes Verelst | Email: [EMAIL PROTECTED] | | Web: http://www.verelst.net | IRC: nl.eu.slashnet.org / Gullie | +===================================/ \====================================+ |"Programming today is a race between software engineers striving to build | |bigger and better idiot-proof programs, and the Universe trying to produce| |bigger and better idiots. So far, the Universe is winning." | \==========================================================================/
