Hi, I am just reflecting about a little security problem and maybe someone knows a solution:

There is a web server, accessed over https, protected with one-time passwords. When you log in you get access to squirrelmail. The server is intended to give the users access to email from internet cafes and other untrusted computers. That's why it uses one-time passwords, since such computers always are suspected of being compromised and might have things like keyloggers.

Reading e-mail with squirrelmail requires a second login with the IMAP username and user password. But now, the same user and password database the IMAP server makes use of (LDAP) is intended to be used for other purposes, and now it is risky if passwords are caught by keyloggers.

Any idea how to circumvent entering the IMAP password for squirrelmail but still being secure? (User was already authenticated before)

regards
Hadmut
