> > "If your mail server is the same as your web server, there is no need > for the encrypted communication. It's useless. Just toss it out the > window, if you can." > > I don't understand what this means. Isn't the password used to access > SquirrelMail sent in cleartext? Why wouldn't I use the ssl tunnel to > protect the password?
Because in order to sniff the loopback interface, you need root. If a malicious user has root on your server, the game is already over and you have a lot more to worry about than your IMAP password getting sniffed. -- Chris Hilts [EMAIL PROTECTED] ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf -- squirrelmail-users mailing list List Address: [EMAIL PROTECTED] List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
