Hello, On Fri, Feb 11, 2011 at 04:56:14PM -0500, Ed Blackman wrote: > I'm not sure how the "application-specific" part > of application-specific passwords works, though. > If I create a password for mutt, can I use the > same password if I telent to gmail on the imap > port and enter raw IMAP commands? If not, how > does it tell the difference?
Jokes aside, the only practical way to keep the application's user from impersonating the application is to: 1. imlpement strong auth between client and server parts and: 2. store and execute the application and its essential data (e.g. gmail password or decryption key for it) inside a tamper-proof device (SIM card/Xbox/PS3/iPhone/whatever) -- With best regards, xrgtn