On Friday, 26 April 2013 17:27:33 CEST, Mike Cardwell wrote:
You're right, there's definitely a vulnerability here, both in the
current IMAP implementation and in the planned change to the ESMTP
one. Perhaps it would make sense to silently modify the user's
settings during a first succesfull connect when the code decided to
"upgrade" to STARTTLS without being told so by the user?
That sounds like a good idea to me.
And this is in git now -- thanks for your suggestion, Mike.
With kind regards,
Jan
--
Trojitá, a fast Qt IMAP e-mail client -- http://trojita.flaska.net/
