At 12:15 AM 23/02/2002 -0800, you wrote: >Matthew Nuzum wrote: > > > Install SquirrelMail (squirrelmail.org) or neomail/acmemail/other > > webmail program on the server. Install SSL on the site. Check your > > e-mail through a webbrowser using SSL. > > > > This is my preferred way. > >I could never limit myself to using webmail; there's just too much I >can't do. And it's much too slow. >
SSL over web mail is a secure option, and one that I would hope many of your customers used. You never know who's sniffing who's subnet. >And even if I did, how could I convince my clients to? Tell them: "Our >security policy means you have to change everything you've ever done >before". Sorry, but I don't think that's conducive to keeping clients. Most clients won't even know what the first thing is to keep themselves secure. But if you, perhaps create a FAQ or security page on your web site explaining the dangers of sending clear text passwords through pop, ftp, telnet, web browsing, etc then you could help point out to them these dangers clearly, and how to stop someone from snatching their passwords. Using programs like Eudora with apop, sftp from openssh, ssh program like SecureCRT instead of telnet, and using SSL whenever they need to authenticate themselves browsing, also making sure to change around their passwords regularly. >Jeff >-- >Jeff Lasman <[EMAIL PROTECTED]> >Linux and Cobalt/Sun/RaQ Consulting >nobaloney.net >P. O. Box 52672, Riverside, CA 92517 >voice: (909) 778-9980 * fax: (702) 548-9484 >_______________________________________________ >cobalt-security mailing list >[EMAIL PROTECTED] >http://list.cobalt.com/mailman/listinfo/cobalt-security _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
