On Tue, 27 Nov 2001, Johannes Verelst wrote:
> Well ... if you consider IMAP insecure, what protocol do you consider
> secure? What is your definition of secure protocols? Reading mail through
> pine & telnet is insecure, pop3 is insecure, webmail through unencrypted
> HTTP is insecure, IMAP is insecure.
>
> The idea of SquirrelMail is that it connects to an IMAP server at
> 'localhost' (at least, that is what I presume. I tried horde/imp once and
> it did exactly that). If you configure your IMAP server that it only
> listends on 'localhost', you are safe for the mail part. Ofcourse, you'll
> be needing SSL over HTTP to be sure that password & email remain
> protected.
I consider IMAP insecure, however, I run Squirrel mail on the same
machine I have the mail server on and while I am running IMAP I simply
firewall it's services so that no one may access it external to the server
and allow Squirrel mail to access IMAP internal (no further
configuration). This allows you to run IMAP and Squirrel mail so that
IMAP isn't going to get exploited... You are left with the plain text
username/password vulnerable combo - yes but this is a general norm
considering other mail protocols.
Yea, SSL for it would be great. I heard about tests with Squirrel
mail and SSL but nothing concrete - this is probably one of the main
problems with it's security.
Just my $0.02 centavos.
Travis
=-=[Travis Ogden]-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
ICQ UIN: #30220771 "Courage is not defined by those who
AIM ID: Gen2600 fought and did not fall, but by those
Email: who fought, fell, and rose again."
[EMAIL PROTECTED]
Website:
http://www.FreeBSDFoo.com/~traviso
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
