[imp] imp 2.3.x vs TWIG

andrew morgan morgan@orst.edu
Sun, 28 Jan 2001 00:09:16 -0800 (PST)


On Sat, 27 Jan 2001 rob@myinternetplace.net wrote:

> Quoting Jeff Greenfield <jgreen@calvin.edu>:
>
> > If you are talking about allowing the user to add or delete multiple
> > IMAP mailboxes themselves, this is the design I would approach:
> > Assume for the IMP installation, there will always be 1 default IMAP
> > server for each user (perhaps a dual key - Primary IMAP server /
> > UserID) that they log into.  Then either next to their address book,
> > or separate database - maintain a list of "remote mailboxes" that
> > the user can specify - which actually contains the IMAP hostname,
> > username, and password of that remote mailbox.  Thus the user only
> > has to log into their "primary" mailbox, and gets all the rest of it
> > (even if both their userid and password are different between the
> > systems).  Of course, storing and passing a password to/from a
> > database source might be too insecure for some, but I think that can
> > be tightened enough to make this a feasible implementation.
>
> I think that we are bumping into a design decision with IMP.  Are we
> getting hung up on the "primary inbox" thing?  I think I remember
> Chuck saying that there would be a "horde login" at some point.  That,
> of course, would be the "primary login", and then all of the email
> passwords/server names would be stored in the database.

Am I the lone voice of dissent on this issue?

I don't want IMP to store passwords in a database permanently.  I realize
they are stored right now in the database temporarily while the user is
logged in, but it seems like a bad security decision to keep the password
in the database permanently (between logins).  Even if the password is
encrypted/encoded/hashed, it would be possible to recover the plaintext
password.

If someone ever got their hands on the database, you would have to
consider all the accounts compromised.  Our webmail users are checking
accounts which are more than just email.  These accounts also have shell
access and store personal web pages and files, such as homework
assignments.  And if a system administrator ever uses webmail (even for
testing purposes), their account could be compromised. I suppose you also
tell your browser to save your password in forms?

I don't want to sound like the sky is falling, but I get worried when an
intermediate system wants to save my password.  Is it that hard for me to
type it in every time?

On a somewhat related note, I don't understand why you would want to make
several email accounts appear as one inbox.  If you really want them all
to be the same final destination, why not set each one to forward the mail
to a single account?  And if they are separate accounts, such as one for
business and one for personal, wouldn't you want those accounts to appear
separately in webmail?  I wouldn't want them mixed together in a single
inbox where the two purposes could be confused.

	Andy
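
The trade-off debated in this thread, as an added sketch that is not part of the original messages and is not IMP or Horde code: a stored remote-mailbox password has to be reversible so it can be replayed to the IMAP server, so what a database dump exposes depends on where the unwrapping secret lives. The row layout, function names and sample values are hypothetical, and the PBKDF2 keystream with an HMAC tag is a standard-library stand-in for a real authenticated cipher.

```python
import hashlib, hmac, os

ITERATIONS = 100_000  # PBKDF2 work factor (assumed for this sketch)

def _keys(secret: str, salt: bytes, n: int):
    # One PBKDF2 call yields a 32-byte MAC key plus an n-byte keystream.
    okm = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS, dklen=32 + n)
    return okm[:32], okm[32:]

def seal(secret: str, remote_password: str) -> dict:
    """Build the row stored for one remote mailbox (hypothetical schema)."""
    pt = remote_password.encode()
    salt = os.urandom(16)  # fresh per row, so a keystream is never reused
    mac_key, stream = _keys(secret, salt, len(pt))
    ct = bytes(a ^ b for a, b in zip(pt, stream))  # note: length is not hidden
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}

def unseal(secret: str, row: dict):
    """Return the remote password, or None when the secret is wrong."""
    mac_key, stream = _keys(secret, row["salt"], len(row["ct"]))
    expect = hmac.new(mac_key, row["salt"] + row["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expect, row["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(row["ct"], stream)).decode()

def exposed_by_dump(row: dict, known_secrets):
    """What the holder of a stolen row learns, given secrets they also hold."""
    for candidate in known_secrets:
        recovered = unseal(candidate, row)
        if recovered is not None:
            return recovered
    return None

# Constructed sample data, not taken from the thread.
SERVER_KEY = "key-from-webmail-config"  # design A: key sits on the web server
PRIMARY_PW = "correct horse battery"    # design B: primary login, never stored
row_a = seal(SERVER_KEY, "remote-imap-pw")
row_b = seal(PRIMARY_PW, "remote-imap-pw")

if __name__ == "__main__":
    print("A, dump plus config:", exposed_by_dump(row_a, [SERVER_KEY]))
    print("B, dump plus config:", exposed_by_dump(row_b, [SERVER_KEY]))
    print("B, primary password known:", exposed_by_dump(row_b, [PRIMARY_PW]))
```

With design A the dump and the server's configuration together yield every stored password; with design B each row is only as strong as that user's primary password, since the tag lets candidates be checked offline.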