[imp] encrypted login password in form

Michael Yingbull mbull at uoguelph.ca
Sat Jul 24 08:03:07 PDT 2004


On 23-Jul-04, at 11:38 AM, Enrique wrote:

> Hi,
>  My university uses Horde/IMP as main WebMail system for staff and 
> students. I want to integrate this mail system with other tools. I 
> know how to login using a hidden form. However, the examples I have 
> seen expose passwords in plain text in the hidden form.
>
> I am not the administrator of the IMP site, so I cannot test some 
> things myself experimentally. I wonder if redirect.php (or previous 
> scripts) would accept md5 encrypted password data passed in the hidden 
> form?
>
> redirect.php gets user/pass data from a Horde::getFormData function.
> Where can I find that function's code or documentation?

Enrique,

Just use IMP in SSL mode.   Any credential you pass in plain text is 
still in plain text.   If your IMP runs over https instead of http, 
you'll get the encryption of the plain text traffic (password and 
otherwise) you're looking for.


--
Michael Yingbull
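
Added example, not part of the original thread and not IMP's code: a hypothetical login handler that accepts an MD5 digest from a hidden form field, showing that the digest then acts as the credential, so whoever reads the unencrypted request can log in without ever learning the password. The account store, field names and function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample account store for a hypothetical handler
# (not IMP's redirect.php): it keeps the MD5 digest of each password.
USERS = {"enrique": hashlib.md5(b"correct horse").hexdigest()}


def login_with_password(user, password):
    """Handler that receives the plaintext password from the form."""
    digest = hashlib.md5(password.encode()).hexdigest()
    return hmac.compare_digest(USERS.get(user, ""), digest)


def login_with_md5_field(user, md5_field):
    """Hypothetical variant that accepts md5(password) from a hidden field."""
    return hmac.compare_digest(USERS.get(user, ""), md5_field)


def what_observer_sees(form_fields):
    """Over plain http, anyone who can read the request sees every field as sent."""
    return dict(form_fields)


def demo():
    # Constructed hidden form carrying the digest instead of the password.
    hidden_form = {
        "user": "enrique",
        "pass_md5": hashlib.md5(b"correct horse").hexdigest(),
    }
    seen = what_observer_sees(hidden_form)
    # The observed digest is accepted as-is: the hash became the credential.
    replay_ok = login_with_md5_field(seen["user"], seen["pass_md5"])
    # The password itself was never sent, yet the login still succeeds.
    password_on_wire = "correct horse" in seen.values()
    return replay_ok, password_on_wire


if __name__ == "__main__":
    print(demo())
```

Hashing the field changes what is sent, not who can reuse it; only transport encryption (https) keeps the submitted value from being read in transit.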


