[imp] https for login

Chuck Hagenbuch chuck@horde.org
Fri, 15 Mar 2002 10:22:25 -0500

Previous message: [imp] https for login
Next message: [imp] https for login
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Quoting Dominique Dalponte <dominique.dalponte@utbm.fr>:

> perhaps it slow but if you wan't to suppress ssl after login, it is not
> usefull to have ssl during login
> 
> your password will be sniffing after the logging !

On what information do you pass this assertion?

Once you log in, your password is stored in your session - which is on the 
server - and is never sent in between the webserver and browser. It of 
course is sent to the IMAP server, but SSL on the browser/webserver leg 
won't help that in any case.

-chuck

--
Charles Hagenbuch, <chuck@horde.org>
"A dream which helps you to live your reality with dignity
 and justice is a good dream." - Tariq Ramadan

Previous message: [imp] https for login
Next message: [imp] https for login
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]