On Fri, Nov 30, 2001 at 08:47:07AM +0500, Viktor Vislobokov wrote: > Есть еще один путь, если тебе надо защитить только авторизацию - > включи apop
Цитата из popa3d: There exist extensions to the protocol that are supposed to fix this problem. I am not supporting them yet, partly because this isn't going to fully fix the problem. In fact, APOP and the weaker defined SASL mechanisms such as CRAM-MD5 may potentially be even less secure than transmission of plaintext passwords because of the requirement that plaintext equivalents be stored on the server. -- Anton Petrusevich
