[imp] Windows XP caches login credentials.
Eric Rostetter
eric.rostetter@physics.utexas.edu
Mon, 22 Jul 2002 10:50:00 -0500
Quoting Stephen Samuel <samuel@bcgreen.com>:
> That having been said, do the IMP installation docs STRONGLY suggest
> to the installer that they put things onto an HTTPS site (A pointer
> to docs on how to enable HTTPS on apache might be a good idea too)
Strongly? Not sure. Here is what the INSTALL doc does say, so as you
can see it is suggested, if not "strongly" suggested.

3. Securing IMP

There are two channels by which, unless steps are taken to avoid
it, IMP encourages users to pass their IMAP and POP3 passwords
around the Internet unencrypted.

The first channel is between their browser and the Web server.
We strongly recommend using an SSL-capable Web server to give
users the option of encrypting communications between their
browser and the Web server on which IMP is running; some sites
may wish to disable non-SSL access entirely.

The second channel is between the Web server and their IMAP
or POP3 server. The simplest way to avoid this is to have the
mail server running on the same system as the Web server, and
configuring IMP to connect to the IMAP or POP3 server on
"localhost" instead of on the Internet hostname. In cases where
that is not possible, we recommend using IMAP-SSL or POP3-SSL to
ensure that users' passwords remain safe after they have entrusted
them to IMP.

--
Eric Rostetter
The Department of Physics
The University of Texas at Austin
"TAD (Technology Attachment Disorder) is an unshakable, impractical devotion
to a brand, platform, product line, or programming language. It's relatively
harmless among the rank and file, but when management is afflicted the damage
can be measured in dollars. It's also contagious -- someone with sufficient
political clout can infect an entire organization."
--"Enterprise Strategies" columnist Tom Yager.
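
The second-channel rule from the quoted INSTALL section (use "localhost", otherwise IMAP-SSL or POP3-SSL), written as a check over backend server entries. This is an added example, not part of the original message or of IMP; the entry fields and the c-client style protocol strings (`imap/ssl`, `imap/notls`, `/novalidate-cert`) are assumptions, and the sample entries are constructed.

```python
import ipaddress

# Constructed sample entries; the field names (name/server/protocol) are
# assumptions for this example, not copied from IMP's configuration files.
SAMPLE_SERVERS = [
    {"name": "local-imap", "server": "localhost", "protocol": "imap/notls"},
    {"name": "loopback-pop", "server": "127.0.0.1", "protocol": "pop3"},
    {"name": "remote-imaps", "server": "mail.example.org", "protocol": "imap/ssl"},
    {"name": "remote-plain", "server": "mail.example.org", "protocol": "imap/notls"},
    {"name": "remote-noverify", "server": "mail.example.org",
     "protocol": "pop3/ssl/novalidate-cert"},
]


def is_loopback(host):
    """True when the backend is reached without leaving the Web server."""
    if host.lower().rstrip(".") == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False  # any other hostname is treated as a network peer


def audit(entry):
    """Classify one backend entry as 'ok', 'warn' or 'fail', with a reason."""
    base, *flags = entry["protocol"].lower().split("/")
    if base not in ("imap", "pop3"):
        return "fail", "unknown protocol " + base
    if is_loopback(entry["server"]):
        return "ok", "password never leaves the host"
    if "ssl" not in flags and "tls" not in flags:
        return "fail", "password crosses the network unencrypted"
    if "novalidate-cert" in flags:
        return "warn", "encrypted, but the server certificate is not checked"
    return "ok", "encrypted with certificate validation"


def audit_all(servers):
    """Map each entry name to its status for a quick overview."""
    return {s["name"]: audit(s)[0] for s in servers}


if __name__ == "__main__":
    for s in SAMPLE_SERVERS:
        status, reason = audit(s)
        print(f"{status:4} {s['name']:16} {s['server']} ({s['protocol']}): {reason}")
```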