Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

framebuffers and passwords 3 Comments More | Login | Reply /

 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.
  • WebDav is generally a good thing, but it does need to be done over SSL or using Digest authentication to make it secure.

    Of course, sharing the password with other systems, whilst very convenient in practise can also lead to these sorts of exposures.

    However, I don't see much reason why they can't run pop3 / IMAP over SSL as well. It's not difficult to do and increases the security a lot.

    -Dom

    • WebDav is generally a good thing, but it does need to be done over SSL or using Digest authentication to make it secure.

      WebDAV is done via SSL. This in itself is ok. Not so ok is the lack of encryption for every other service.

      As for why they haven't yet migrated to SSL for at least the mail-service is beyond me as well. It has been suggested to them often enough, but so far only a mumble that this is going to happen at some indefinite point in the future was returned.

      The only good thing about it is that I don't have to change my fetchmail and exim config in the foreseeable future. :-)
      • With stunnel [stunnel.org] it's almost trivial to wrap most pop3 / imap services if they don't support ssl natively.

        NNTP is harder, because it tends to be builtin to inn, but I'm sure that it could be done with some jiggery pokery, more stunnel and virtual IP addresses.

        -Dom

Stories, comments, journals, and other submissions on use Perl; are Copyright 1998-2006, their respective owners.