Quoting Harold Hallikainen ([EMAIL PROTECTED]):
> Are others generally running SM over SSL?
I run SM on https with self made and self signed certs. Works like a
charm, but yes, you have to keep up to date with security releases ;)
--
| Year, n.: A period of three hundred and sixty-five di
On Thu, 31 Oct 2002, Lilla wrote:
> > The machine running RH7.3 (and the SSL
> > hole) now has port 443 blocked at the router so I can use SM on the LAN,
> > but use pine over SSH from the outside world (where I am now).
> > Are others generally running SM over SSL?
>
> At my place we _only_ a
> The machine running RH7.3 (and the SSL
> hole) now has port 443 blocked at the router so I can use SM on the LAN,
> but use pine over SSH from the outside world (where I am now).
> Are others generally running SM over SSL?
At my place we _only_ accept SM over SSL, no HTTP. I'm also running
> Are others generally running SM over SSL?
I do for my "production" copy of SquirrelMail. For my CVS copy, which
only I use for testing, I don't bother. I'm using a "demo" SSL cert which
is only good for 6 months, but once it expires I'll just go self-signed, I
think.
--
Chris Hilts
[EM
Of course, everything between the client and SM is encrypted by
SSL, but I don't think the stuff between SM and IMAP is. And the original
writer wanted to keep unencrypted stuff off the LAN between SM and the
IMAP server. I'm running SM and IMAP server on the same machine, so this
is not an
<[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, October 31, 2002 10:07 AM
Subject: Re: [SM-USERS] SM vs IMAP/SSL
> By pushing SM to https, wouldnt that will do the trick ?
> I mean once you are on https, everything is encrpted.
>
> --- Chris Hilts <[EMAIL PROTECTED
Hello Ben,
On Thursday, October 31, 2002, Ben Sabini wrote...
> By pushing SM to https, wouldnt that will do the trick ?
> I mean once you are on https, everything is encrpted.
Unfortunately no... this will only encrypt the traffic between the end
user and the SM code itself... not between the SM
> By pushing SM to https, wouldnt that will do the trick ?
> I mean once you are on https, everything is encrpted.
That will encrypt communication between the web browser and the web
server. It will still leave the password sent from the web server to the
imap server unprotected.
[users's browse
By pushing SM to https, wouldnt that will do the trick ?
I mean once you are on https, everything is encrpted.
--- Chris Hilts <[EMAIL PROTECTED]> wrote:
> > My IMAP-server is not on the same box as SM is running. To avoid
> sending
> > cleartext passwords over my LAN is it possible to configure S
> My IMAP-server is not on the same box as SM is running. To avoid sending
> cleartext passwords over my LAN is it possible to configure SM to use
> IMAP/SSL instead? (I'm runninge Courier-IMAP 1.5.3 with OpenSSL 0.9.6g)
I'm working on support for this right now. Unfortunately, it requires PHP
4.3
10 matches
Mail list logo
