On Thu, Feb 24, 2005, Dan Weber <[EMAIL PROTECTED]> said: > I'd suggest instead of APOP, use POP3 over SSL. Storing passwords in > plaintext shouldn't be done in any context. Seriously.
Doesn't work if we don't have control of the hashing type, as with LDAP. Plus, APOP only handles the authentication, not the data flow. Plenty of people would like to secure their entire session and not just the login handshake. Aaron
