[imp] HTTPS login -> HTTP

`Da Elf elf at greydusk.net
Wed Jan 14 12:46:37 PST 2004


I'm responding to the list on this ... though it's only remotely Horde related
really.

Quoting Ian Roberts <ianto_panto at mac.com>:
: I was wondering how I could implement a https login and then http for the
: rest of the imp application.

Yeah, but don't.

: The only secure bit I need is the login.  Also is it possible for me to

I would beg to differ the point.  Most of my users (for example) are "Cafe Rats"
and on the wireless networks here in Santa Cruz, sniffing packets is trivial at
worst, in fact we did it recently just to give some poor slob his password
since he couldn't remember it.

Anyway, ALL the mail, sent and received, can be read if you're not using SSL for
all of Horde and its modules.  Not to mention contact information, schedules,
etc, etc.  Anyway, it is in your best interest to Secure All of your users'
data, and NOT just their username and password.  The uname/pass encrypted
protects you, sure; but encrypting the whole thing protects THEM as well, and
that's your job as an admin.  The CPU cycles you burn doing crypto are
negligible for a session and if it's not, well, you should be upgrading.


: redirect customer browser to another domain name after login.
: ie.
: https://webmail.domain1.com -> login -> http://webmail.domain2.com/

Yes, config files for Horde and IMP.

--
__________________________________________________ EK - `Da Elf __________
That's a great computer you have there ...
Have you considered how it would work as a BSD machine?
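
Added example, not part of the original post and not Horde or IMP code: a small audit over a recorded login flow that reports what leaves TLS when only the login is on HTTPS. The hostnames come from the question; the paths, the cookie name and value, and the audit_flow helper are constructed for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urljoin, urlsplit

# Constructed capture of the flow asked about: HTTPS login, then plain HTTP.
SAMPLE_FLOW = [
    {"url": "https://webmail.domain1.com/login.php",
     "headers": [("Set-Cookie", "Horde=constructed-session-id; path=/"),
                 ("Location", "http://webmail.domain2.com/")]},
    {"url": "http://webmail.domain2.com/", "headers": []},
]

# Constructed capture of the same flow kept on TLS end to end.
HARDENED_FLOW = [
    {"url": "https://webmail.domain1.com/login.php",
     "headers": [("Set-Cookie", "Horde=constructed-session-id; path=/; Secure"),
                 ("Location", "https://webmail.domain1.com/")]},
    {"url": "https://webmail.domain1.com/", "headers": []},
]


def audit_flow(flow):
    """Return (url, finding) pairs for everything exposed in cleartext."""
    findings = []
    for resp in flow:
        url = resp["url"]
        scheme = urlsplit(url).scheme
        if scheme != "https":
            # Mail, contacts and schedules on this page are readable on the wire.
            findings.append((url, "page served without TLS"))
        for name, value in resp["headers"]:
            header = name.lower()
            if header == "location":
                target = urljoin(url, value)  # resolve relative redirects
                if scheme == "https" and urlsplit(target).scheme == "http":
                    findings.append((url, "redirect downgrades to " + target))
            elif header == "set-cookie":
                cookie = SimpleCookie()
                cookie.load(value)
                for morsel in cookie.values():
                    # Without Secure the browser also sends it over HTTP.
                    if not morsel["secure"]:
                        findings.append((url, "cookie %s lacks Secure" % morsel.key))
    return findings


if __name__ == "__main__":
    for url, finding in audit_flow(SAMPLE_FLOW):
        print(url, "->", finding)
```

The session cookie finding is the one that undoes the "only the login needs to be secure" reasoning: once it travels over HTTP, whoever reads it can use the session without ever seeing the password.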

