[imp] Multiple email accounts?

Kevin Myer kevin_myer at iu13.org
Wed Jul 20 05:02:43 PDT 2005


Quoting Michael M Slusarz <slusarz at mail.curecanti.org>:

>> Fetchmail passwords are stored unencrypted in the fm_accounts preference..
>
> Yuck.  Should we change this to require users to provide passwords
> whenever they login?

I'd much prefer a more flexible, secure way of storing and using usernames and
passwords, with methods to make these credentials available to all modules.  I
have other reasons for that idea (namely needing an easy way to 
interface, from
Horde, with external websites that require credentials, or with systems that
don't, or can't, use Horde credentials).

Storing passwords fundamentally comes down to end-user convenience - I think
that a well designed safe/wallet would provide the same level (or more) of
security as someone posting five usernames/passwords on a sticky note on their
monitor, plus they need not constantly be re-entering those usernames and
passwords.  If you think of storing unencrypted passwords in a preference
backend as being like a virtual sticky note on a monitor, requiring a user to
type a password, that they're going to write down somewhere anyway, isn't all
that more secure, if at all (except in the case where users memorize their
passwords, but if thats the case, they either have good memories, or simple
passwords).

No comments on dev for that idea - original enhancement request (not mine) is
#811.

Kevin
-- 
Kevin M. Myer
Senior Systems Administrator
Lancaster-Lebanon Intermediate Unit 13  http://www.iu13.org




More information about the imp mailing list