[imp] encrypt login only?
Peter Horst
phorst at ointment.org
Sun Mar 21 08:50:47 PST 2004
* Chris Bellomy <chris at goodshow.net> [2004-03-21 10:37am]:
> Previously, Peter Horst wrote:
> : Is it currently possible only to encrypt the login phase of an IMP
> : session? I just want to protect passwords, not content.
>
> If your IMP installation is on the same servers as your mail
> store; or, if your mail store and IMP installation are on a
> private network (assuming there that your IMP server has two
> network interfaces, one public and one private); then all you
> need is to run IMP under https. Check your Apache docs for
> configuring virtualhosts under SSL.
>
> However, if your IMP installation connects to your mail server
> over a public network, then you'll need to encrypt your POP
> and/or IMAP connections. That will involve possibly recompiling
> your POP/IMAP daemons to support SSL/TLS, making sure that PHP
> is compiled --with-imap-ssl, and configuring IMP accordingly.
>
> cb
Thanks for your reply -- I am asking a slightly different question,
though, and I apologize if I was unclear. What I want to do is use SSL
encryption just for logging in to IMP, then drop back to regular http://
for the duration of the IMP session itself.
Basically I am trying to avoid the overhead of encrypting Grandma's 2 MB
digi-cam snapshots on their way to the browser, etc., without giving up
secure login.
Thanks much,
Peter
--
People who fight may lose. People who do not fight have already lost.
-- Bertolt Brecht
More information about the imp
mailing list