Page 1 of 1

Security and imap_open

Posted: Thu Jun 12, 2003 4:18 am
by micrix
hi people,

i'm programming a web interface for my emailaccount using the php imap-functions like imap_open().

one parameter should be the password. therefore i got a question:
how secure is it to submit the password via the http-protocol for ex. by a html-form?

greetz micrix

Posted: Thu Jun 12, 2003 4:27 am
by cactus
Completely insecure, there are (many) ways to negate this but but they do require some client side scripting and/or the use of SSL.

Posted: Thu Jun 12, 2003 4:33 am
by []InTeR[]
The http protocol sends all information in plain text. Everybody that can breakin in the connection can collect this information with sniffers or other tools.

And all information can be found in web logs on the server.

But, the information that a e-mail client sends to a mail server is allso plain text, and can be found as easly as http.

So there is no MORE security risk then a default mail client.
(without a secure connection)

Posted: Thu Jun 12, 2003 4:34 am
by micrix
that's what i thought too.
so, if i use ssl the imap_open function is as "insecure" as a normal email client like outlook for ex.?

however the skript will send the password unencrypted to the pop3-account, won't it?

greetz micrix