>>> >>> I notice a nice secure login plugin in the plugins list >>> I would like to add it to my plugin list , what do I am >>> supposed to do on the apache configuration to get it work ? ( of >>> course my apache config actually works in cleartext ) I have generated >>> some self signed certs . >> >> >> If you use secure login plugin, you don't have to make any changes in >> apache configuration. If you make appropriate changes in apache config, >> you don't need secure login plugin. >> > > Hello Tomas > > > thanks for answering, I wonder if I understood well ... > > All I need is to "secure" the login/passwd sequence > not all the http transaction Is the secure plugin written to do this ?
then attacker only needs to gather enough information for cracking string xored with random key. You will send password encrypted with one time pad on any cookie request. String will be different on any login, but it will be generated from same fixed password string. >> You can use mod_rewrite or simple Redirect directives to forward users >> to secured site. > > I don't need https all the time just to encrypt login/passwd Why? What is wrong with encrypting communications between webserver and browser. Please keep SquirrelMail support question on mailing list. -- Tomas ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 -- squirrelmail-users mailing list Posting Guidelines: http://www.squirrelmail.org/wiki/MailingListPostingGuidelines List Address: [email protected] List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
