[imp] https for login

Dominique Dalponte dominique.dalponte@utbm.fr
Fri, 15 Mar 2002 16:30:12 +0100

Previous message: [imp] https for login
Next message: [imp] https for login
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

hello

sorry I are right, I forgot that it was the webserver (via php) who tell the
imap server

sorry sorry..


Surlignage Chuck Hagenbuch <chuck@horde.org>:

 Quoting Dominique Dalponte <dominique.dalponte@utbm.fr>:
 
 > perhaps it slow but if you wan't to suppress ssl after login, it is not
 > usefull to have ssl during login
 > 
 > your password will be sniffing after the logging !
 
 On what information do you pass this assertion?
 
 Once you log in, your password is stored in your session - which is on the 
 server - and is never sent in between the webserver and browser. It of 
 course is sent to the IMAP server, but SSL on the browser/webserver leg 
 won't help that in any case.
 
 -chuck
 
 --
 Charles Hagenbuch, <chuck@horde.org>
 "A dream which helps you to live your reality with dignity
  and justice is a good dream." - Tariq Ramadan
 
 -- 
 IMP mailing list: http://horde.org/imp/
 Archive: http://marc.theaimsgroup.com/?l=imp&r=1&w=2
 Frequently Asked Questions: http://horde.org/faq/
 To unsubscribe, mail: imp-unsubscribe@lists.horde.org
 
 
 


-- 
Dominique Dalponte
Utbm, Centre de Ressource en informatique
90010 Belfort Cedex, France
tél : 03/84/58/31/49    http://www.utbm.fr

Previous message: [imp] https for login
Next message: [imp] https for login
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]