Security and imap_open

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
micrix
Forum Newbie
Posts: 7
Joined: Thu Jun 12, 2003 4:18 am

Security and imap_open

Post by micrix »

hi people,

i'm programming a web interface for my emailaccount using the php imap-functions like imap_open().

one parameter should be the password. therefore i got a question:
how secure is it to submit the password via the http-protocol for ex. by a html-form?

greetz micrix
User avatar
cactus
Forum Regular
Posts: 343
Joined: Tue Jun 10, 2003 4:16 am
Location: UK

Post by cactus »

Completely insecure, there are (many) ways to negate this but but they do require some client side scripting and/or the use of SSL.
[]InTeR[]
Forum Regular
Posts: 416
Joined: Thu Apr 24, 2003 6:51 am
Location: The Netherlands

Post by []InTeR[] »

The http protocol sends all information in plain text. Everybody that can breakin in the connection can collect this information with sniffers or other tools.

And all information can be found in web logs on the server.

But, the information that a e-mail client sends to a mail server is allso plain text, and can be found as easly as http.

So there is no MORE security risk then a default mail client.
(without a secure connection)
micrix
Forum Newbie
Posts: 7
Joined: Thu Jun 12, 2003 4:18 am

Post by micrix »

that's what i thought too.
so, if i use ssl the imap_open function is as "insecure" as a normal email client like outlook for ex.?

however the skript will send the password unencrypted to the pop3-account, won't it?

greetz micrix
Post Reply