On Jan 6, 2015, at 11:38 AM, Reindl Harald <[email protected]> wrote: > > this is nonsense for several reasons: > > * both of our email contain a dot in the local part > * in case of dictionary attacks you make them > easier with "result in the same user" > * any "arbitrary" char in the username makes a failed login more likely > * if you consider a attack to the dovecot backend you can be sure that > dovecot has less secure holes as your whole httpd/php/rc-stack
Thanks for your opinion. Gmail does this very "nonsense"... -- Robert inoc.net!rblayzor http://inoc.net/ _______________________________________________ Roundcube Users mailing list [email protected] http://lists.roundcube.net/mailman/listinfo/users
