Hello, As a proponent of IMAP, I offer the following: 1. IMAP is NOT insecure. This is a clip from the CERT: This is an attempt to alleviate some confusion with respect to recent security concerns related to IMAP. There have been some reports that there is a security vulnerability in IMAP (the Internet Message Access Protocol) itself. This is not the case. There is a security vulnerability in specific implementations of IMAP and POP servers. However, not all IMAP and POP software implementations, and certainly not the protocols themselves, suffer from this vulnerability. 2. If you are looking for a nice web-based IMAP client, look into a Roxen web server / IMHO package (both are included in SuSE). I have used it for over a year without problems. Good luck Ron --- okh-linux@post.cybercity.dk wrote:
On Thu, 17 Aug 2000, the webster wrote:
Hello,
Im thinking of getting a webbased mailchecker,
hopefully in php..
But almost all of the PHP scripts uses IMAP. And I have heard (from this list even, even says so in inetd.conf :P) that IMAP is *VERY* insecure. What I'm after is, how insecure is it for *me* to use.. ? Can my security be risked by enabling imap, by using it with a php client etc.. ?
As long as the webmail thingie is running on the same box as the IMAP server, you can make it very secure by simply setting up the ipchains to only allow access to the IMAP port from the same box.
This assumes that the insecurity lies in the protocol not the imapd program.
Regards
Ole
-- Windows: Where do you want to go today? MacOS: Where do you want to be tomorrow? Linux: Are you coming or what?
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq
__________________________________________________ Do You Yahoo!? Send instant messages & get email alerts with Yahoo! Messenger. http://im.yahoo.com/ -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq
participants (1)
-
heroron@yahoo.com