> By pushing SM to https, wouldnt that will do the trick ? > I mean once you are on https, everything is encrpted.
That will encrypt communication between the web browser and the web server. It will still leave the password sent from the web server to the imap server unprotected. [users's browser] <==SSL==> [apache/php/squirrelmail] <==CLEARTEXT==> [imap] This can be avoided by using a wrapper like sslwrap to "tunnel" the communications to the IMAP server, using TLS or SSL connections (which will require PHP 4.3.x), or an authentication method such as digest-md5 which supports encryption. I've got code for TLS in a branch of CVS, but as I said, it requires a pretty fresh version of PHP. I'm also working on digest-md5, which will take me a while. Best bets for now is to use a wrapper. Chris Hilts [EMAIL PROTECTED] ------------------------------------------------------- This sf.net email is sponsored by: Influence the future of Java(TM) technology. Join the Java Community Process(SM) (JCP(SM)) program now. http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0004en -- squirrelmail-users mailing list List Address: [EMAIL PROTECTED] List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
