Dave Roberts wrote:
Niklas Gustavsson wrote:
What would you all think of this, would it be useful?
Sounds useful to me. Sometimes it's the operator of the server that
wants to protect the data, and the client users don't care.
Enforcing this seems a good solution. Whilst there, it'd be useful
to enforce that SSL is running before the client sends the USER
command, to stop passwords being given away.
Since the USER command is sent on the control socket, you can already
enforce this using implicit SSL. Or, am I misunderstanding something=
/niklas
