raditha dissanayake a écrit :
at the risk of starting a flame war: IMAP is the devine way of using
email. POP3 sux. :-)
IMAP being a general file access protocol, there are inherent
security problems to be aware of. On some srv, you could easily
get /etc/passwd by simply knowing a single user/password.
And users with (really very) bad passwords are quite common.
Ok, it's often configuration issues, but better to know it...
Yes POP3 isnt the best one:
1. it's unsecure (clear text password)
-- but can be improved (APOP, POP3+SSL etc)
2. not suitable for moving people, as all mail
leaving the server's mail spool go the one
client box hard disk, not two (synch issues)
But has advantages too
- simple and efficient
- all webmail soft generally sucks (slow, folder management etc)
- some security issues avoided with good mail client like
mozilla (XSS, javascript stealing ident cookies, etc)
- every mail client supports it (not same with IMAP or POP3+SSL)
About webmail on a server I manage, I use these Perl ones
(sorry, not PHP):
1. neomail (html not supported, so much more secure)
2. openwebmail (html supported)
One disavantage : they run suid root...
For PHP based webmail, there are many, from memory I can
remember those quite well-known (YMMV)
- squirrelmail
- imp horde
- ilohamail
A simple google search leads many results. By example
http://www.cgi-bin.com/PHP_Scripts/Email/index.html
So, make an educated guess : check their capabilities
(only the one you needs), their security history
(just google for formmail.pl and formmail.php for
scary stories), test some an choose the best one
that suit your needs.
Just my 2cents,
Christophe
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
