On Tue, 10 Feb 2004 [EMAIL PROTECTED] wrote:
>Well, just as I remove the imap option, up pops an app that doesn't 
>use ssl.
>So, back comes the imap.
>I changed the run prog to have --allow-plain
>but it still wouldn't work. I changed the conf to allow plain and it 
>works.

Command-line option bugs... looking into these now.

>ie, the command line didn't override the conf.
>So I have 2 choices, I can either make the conf have "allow plain = 
>yes" or I can have 2 conf files, one with it yes for the imap and the 
>other with it no for imaps.
>At the moment I have 2 conf files.
>What are consequences of having just the 1 conf file with allow plain 
>= yes for imap and imaps?
>In the future I will be allowing internet access on imaps and intranet 
>access on imap. fwiw.

The drawbacks of allowing plain text authentication are many, even on a 
closed intranet. If your clients use plain auth,

1) If your network is hubbed, anyone with root access to their own machine
   can tcpdump and extract all users' passwords

2) If someone has root access to your machine, they can tcpdump and get
   your password. They can naturally also use strace and so on, but unless
   they intercept X11 packets with the keypresses you use to type in your
   password, they will only see garble

3) If someone spoofs the imap server (using ip address collision, dns
   spoofing or something) and intercepts the traffic, they will get your
   passwords.

Basically, with clients sending plain text packets on the network, they're 
relying on the wire to transport their data untampered with, and to the 
right destination. With SSL, they know for sure that the packets reach the 
intended destination (Binc IMAP) untampered with.

Of course, if everyone trusts everyone, then SSL is pointless. But in 99%
of all cases, using SSL is the way to go. It's also painless to enable in
most email clients, and Binc IMAP doesn't really give you problems with
enabling it server-side either.

Andy :-)

--
Andreas Aardal Hanssen   | http://www.andreas.hanssen.name/gpg
Author of Binc IMAP      |  "It is better not to do something
http://www.bincimap.org/ |        than to do it poorly."
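As an added example (not from the thread and not Binc IMAP's own code), a small Python audit that reads an IMAP CAPABILITY response and reports whether a password could be sent in the clear on that connection, which is what "allow plain = yes" on the non-SSL port permits. The sample responses are constructed; the check assumes the server follows the RFC 3501/RFC 2595 convention of advertising LOGINDISABLED when plaintext LOGIN is refused, and the `probe()` helper with its host and port is a hypothetical network front-end for checking one's own server.

```python
"""Audit an IMAP CAPABILITY response for plaintext-credential exposure."""
import re
import socket

# SASL mechanisms that carry the password unprotected; RFC 3501 LOGIN is the
# non-SASL equivalent and stays allowed unless LOGINDISABLED is advertised.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

# Constructed sample responses (not captured from any real server).
SAMPLES = {
    "allow_plain_yes": "* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN AUTH=LOGIN",
    "allow_plain_no": "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED AUTH=CRAM-MD5",
    "imaps_tunnel": "* CAPABILITY IMAP4rev1 AUTH=PLAIN",
}

def parse_capabilities(line: str) -> set:
    """Return the capability tokens of an untagged '* CAPABILITY ...' response."""
    m = re.match(r"^\*\s+CAPABILITY\s+(.*)$", line.strip(), re.IGNORECASE)
    if not m:
        raise ValueError(f"not a CAPABILITY response: {line!r}")
    return {tok.upper() for tok in m.group(1).split()}

def plaintext_auth_exposed(caps: set, tls_in_use: bool) -> bool:
    """True if a client on this connection could send its password in the clear."""
    if tls_in_use:
        return False  # imaps, or STARTTLS already negotiated: the tunnel protects it
    login_allowed = "LOGINDISABLED" not in caps
    sasl_plain = any(c[5:] in PLAINTEXT_MECHS for c in caps if c.startswith("AUTH="))
    return login_allowed or sasl_plain

def assess(line: str, tls_in_use: bool = False) -> str:
    """Classify one CAPABILITY line as 'EXPOSED' or 'OK' for the given transport."""
    return "EXPOSED" if plaintext_auth_exposed(parse_capabilities(line), tls_in_use) else "OK"

def probe(host: str, port: int = 143, timeout: float = 5.0) -> str:
    """Ask a non-TLS IMAP port for its capabilities and assess them.
    Network helper for checking your own server (host/port are hypothetical)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rwb", buffering=0)
        f.readline()  # discard the server greeting
        f.write(b"a1 CAPABILITY\r\n")
        cap_line = ""
        while resp := f.readline().decode("ascii", "replace"):
            if resp.upper().startswith("* CAPABILITY"):
                cap_line = resp
            if resp.startswith("a1 "):
                break
        f.write(b"a2 LOGOUT\r\n")
    return assess(cap_line)
```

Running `assess()` over the samples shows the two-conf-file setup from the thread: the non-SSL port is "OK" only when LOGINDISABLED is advertised and no AUTH=PLAIN/LOGIN is offered, while the imaps port is fine even with AUTH=PLAIN because the credentials travel inside TLS.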
