On Thu, Feb 20, 2003 at 10:36:47AM +0000, Brian Candler wrote: > Pretty much, although there is a way to mitigate that: let a different box > handle the SASL exchange for you.
You mean if I compromise the Courier server and reconfigure it to use PLAIN passwords, the client will notify the user that a configuration change has occured, so that they don't send their password? I don't think so ;-) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ------------------------------------------------------- This SF.net email is sponsored by: SlickEdit Inc. Develop an edge. The most comprehensive and flexible code editor you can use. Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial. www.slickedit.com/sourceforge _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
