On Fri, 15 Mar 2002, Michal Altair Valasek wrote:

> | very concerned about having my Xmail and Xmail-WAI admin passwords in
> | plain-text in the config.xml file.
>
> These passwords must be in script usable form, which means plain text.
> Every other solution is too complicated. If you would follow my
> directions, access to config.xml by an intruder needs such a high level of
> control over your server that the Xmail compromise would be the
> smallest of your problems.
>
> | Xmail-WAI also displays the user's
> | password in plain-text when they are logged in. This seems
> | very insecure to me.
>
> HTTP communication itself is insecure, so everything above is
> irrelevant. I recommend using SSL (HTTPS) for all mission critical web
> apps.

If you're picky about security you can use stunnel to build a virtual SSL circuit.

- Davide
