I guess we all agree then: no apop for ldap-based authentication.
Aaron Stone wrote:
On Thu, Feb 24, 2005, Dan Weber <[EMAIL PROTECTED]> said:
I'd suggest instead of APOP, use POP3 over SSL. Storing passwords in
plaintext shouldn't be done in any context. Seriously.
Doesn't work if we don't have control of the hashing type, as with LDAP.
Plus, APOP only handles the authentication, not the data flow. Plenty of
people would like to secure their entire session and not just the login
handshake.
Aaron
_______________________________________________
Dbmail-dev mailing list
Dbmail-dev@dbmail.org
http://twister.fastxs.net/mailman/listinfo/dbmail-dev
--
________________________________________________________________
Paul Stevens [EMAIL PROTECTED]
NET FACILITIES GROUP GPG/PGP: 1024D/11F8CD31
The Netherlands_______________________________________www.nfg.nl
