raditha dissanayake wrote:
IMAP being a general file access protocol, there are inherent
security problems to be aware of. On some servers, you could easily
get /etc/passwd by simply knowing a single user/password.
Please explain how.
[sorry to be off-topic on a php list but I'll answer anyway]
Example: badly configured server, angry user john using Mozilla
and knowing a single login/password on the server
(that login doesn't even have a valid shell, e.g. /bin/false).
In Mozilla, john creates an IMAP account, choosing '/etc'
as directory folder, then 'subscribes' to it. That way, he gets
many "folders" locally, for example 'passwd'. In that folder,
a single mail titled '/etc/passwd'...
You can use SSL with IMAP too.
We can use SSL with many things. But the client side can't always
use it ([very] old mail clients for example). In a controlled environment
(where one can force users to use mail client xyz),
it's not a problem anyway.
Christophe
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
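
The reply above describes a server that treats a client-supplied folder name as a filesystem path. As an added example (not part of the original thread and not any IMAP server's own code), this Python code contrasts that behaviour with a resolver that confines mailbox names to a per-user mail root; the function names, directory layout and sample names are constructed for illustration.

```python
import os
import tempfile

def resolve_naive(mail_root, mailbox):
    """Behaviour described in the post: the client-supplied name is used as a path."""
    # os.path.join discards mail_root when mailbox is absolute ('/etc/passwd').
    return os.path.join(mail_root, mailbox)

def resolve_confined(mail_root, mailbox):
    """Return the real path for mailbox, or raise ValueError if it leaves mail_root."""
    if not mailbox or "\x00" in mailbox:
        raise ValueError("empty or malformed mailbox name")
    if mailbox.startswith(("/", "~")):
        raise ValueError("absolute or home-relative mailbox name rejected")
    root = os.path.realpath(mail_root)
    # realpath collapses '..' and follows symlinks before the containment test.
    candidate = os.path.realpath(os.path.join(root, mailbox))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("mailbox name escapes the mail root")
    return candidate

def audit(mail_root, names):
    """Map each requested name to 'ok' or the rejection reason."""
    results = {}
    for name in names:
        try:
            resolve_confined(mail_root, name)
            results[name] = "ok"
        except ValueError as exc:
            results[name] = str(exc)
    return results

def demo():
    # Constructed layout: a per-user mail root holding a symlink that points outside it.
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "mail", "john")
        os.makedirs(os.path.join(root, "Sent"))
        outside = os.path.join(base, "etc")
        os.makedirs(outside)
        os.symlink(outside, os.path.join(root, "link"))
        names = ["INBOX", "Sent", "/etc", "/etc/passwd", "../../etc/passwd", "link/passwd"]
        return resolve_naive(root, "/etc/passwd"), audit(root, names)

if __name__ == "__main__":
    naive, report = demo()
    print("naive resolver returns:", naive)
    for name, verdict in report.items():
        print(f"{name!r:22} {verdict}")
```

The symlink case matters because a purely textual check for a leading `/` or for `..` would accept `link/passwd`; resolving the path first and then testing containment catches it.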