[imp] imp 2.3.x vs TWIG

Rich Lafferty rich@horde.org
Sat, 27 Jan 2001 13:45:55 -0500


On Sat, Jan 27, 2001 at 10:04:38AM -0500, Jeff Greenfield (jgreen@calvin.edu) wrote:
> 
> Then either next to their address book, or separate
> database - maintain a list of "remote mailboxes" that the user can
> specify - which actually contains the IMAP hostname, username, and
> password of that remote mailbox.
[...]
> Of course, storing and passing a password to/from a database source
> might be too insecure for some, but I think that can be tightened
> enough to make this a feasible implementation.

On this, I would add:

Storing a password in a database source might be too insecure for
some, especially given users' propensity to reuse passwords. But users
will be able to not take advantage of it, and IMP-sites which refuse to
allow their users to do that will be able to not enable the feature
in the first place (this being the sort of thing best left *disabled*
by default.)

  -Rich

-- 
------------------------------ Rich Lafferty ---------------------------
 Sysadmin/Programmer, Instructional and Information Technology Services
   Concordia University, Montreal, QC                 (514) 848-7625
------------------------- rich@alcor.concordia.ca ----------------------