[horde] Sessions consuming CPU
Michael M Slusarz
slusarz at horde.org
Fri Nov 4 20:04:46 UTC 2011
Quoting Eric Jon Rostetter <eric.rostetter at physics.utexas.edu>:
> Quoting Michael M Slusarz <slusarz at horde.org>:
>
>> This can be safely ignored. Although, you should configure IMP NOT
>> to use TLS connections
>
> Only if you can safely do so! Assuming a private connection or both
> services on the same host, yes. Assuming the network between the two
> is relatively safe from sniffing, yes. But if people have access to
> the network between them, then no.
Yes, this is correct. However, this doesn't mean much since, in most
situations, plaintext authentication won't be offered (as required by
default per the RFC), so there is no security issue. Furthermore, TLS
connections should theoretically NEVER fail because they are required
by IMAP4rev1.
Further, I would guess a large percentage of users are running IMAP on
the same server they are using Horde on, so TLS would theoretically
not be needed in this situation (many IMAP servers will offer
plaintext authentication options on connections from localhost).
michael
___________________________________
Michael Slusarz [slusarz at horde.org]
More information about the horde
mailing list