[imp] encrypted login password in form
Michael Yingbull
mbull at uoguelph.ca
Sat Jul 24 08:03:07 PDT 2004
On 23-Jul-04, at 11:38 AM, Enrique wrote:
> Hi,
> My university uses Horde/IMP as main WebMail system for staff and
> students. I want to integrate this mail system with other tools. I
> know how to login using a hidden form. However, the examples I have
> seen expose passwords in plain text in the hidden form.
>
> I am not the administrator of the IMP site, so I cannot test some
> things myself experimentally. I wonder if redirect.php (or previous
> scrips) would accept md5 encrypted password data passed in the hidden
> form?.
>
> redirect.php get user/pass data from a Horde::getFormData function.
> Where can I find that function's code or documentation?
Enrique,
Just use IMP in SSL mode. Any credential you pass in plain text is
still in plain text. If your IMP runs over https instead of http,
you'll get the encryption of the plain text traffic (password and
otherwise) you're looking for.
--
Michael Yingbull
More information about the imp
mailing list