Jonathan N. Little wrote:
Paul B. Gallagher wrote:
The settings you describe work fine for me. They're not as secure
as they might be (other possibilities might also exist), but they
do work.
Why "not as secure as they might be"? Because of the normal password?
You don't need an encrypted password with StartTLS and SSL/TLS
because the connection is encrypted *before* the password is sent.
Encrypted passwords where useful when the initial connection to the
server was unencrypted. In any case the server doesn't save your
password, or shouldn't, just has the hash.
Well, I see it as wearing a bulletproof vest and helmet, leaving your
arms, legs, and face exposed. Good but not perfect.
It was mostly a throwaway line to say "I'm not recommending this as
perfect or even ideal, just saying it should work, so don't complain to
me about any security issues." You've seen the oft-repeated advice not
to put anything in an email that you wouldn't put on a postcard...
--
War doesn't determine who's right, just who's left.
--
Paul B. Gallagher
_______________________________________________
support-seamonkey mailing list
[email protected]
https://lists.mozilla.org/listinfo/support-seamonkey
