[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] squirrelmail



On 8/1/07, Huck <dhuckaby paasda org> wrote:
> pretty sure it's a good idea to use the secure http eh? although not
> sure if it's necessary as it's using IMAP rather than POP3...so
> shouldn't be passing the passwds in cleartext. no?

HTTPS is good.

IMAP can send passwords in the clear, depending on the the SASL auth
method (PLAIN is... plain, CRAM-MD5/GSSAPI etc. are not)  (IMAPS or
IMAP TLS never does, even using PLAIN).

In this case, they would be going to localhost from localhost
(remember squirrelmail is the IMAP client here) as long as
squirrelmail is on your mail server.

-- 
Dan Young <dyoung mesd k12 or us>
Multnomah ESD - Technology Services
503-257-1562


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]