On 02/19, Peter Gradwell wrote:
> > I see there are some pop3-before-smtp authentication patches.
> >But using pop3 before sending mail is awkward. So... why nobody
> >thought about a patch using a password in user's e-mail? :)
> >Any MUA allows user to enter his e-mail. ANY. Let's use it!
> >password#username@host. Check that password at mail from: point,
> >receive message if user's password is okay, strip password# from
> >all headers and continue the work...
> > What's wrong with this idea? I think I'm inventing a bicycle,
> >but there must be a good reason to reject it...
> it sounds horribly insecure to me...
Yeah... I just realized that user can post a message to
third-party newsserver, sending his smtp password through usenet %)
Oh well. It was a nice idea :(
--
Roman V. Isaev http://www.gunlab.com.ru Moscow, Russia
