Even if we follow Coyote's advice and use session keys, there are still security implications. When the user first sends his password, it will be plaintext. Anybody between your user and the webmail server could pull the password off of the network.

The only universally supported system that I can think of is SSL. 128-bit encryption is way better than hashing passwords or using session keys. In theory, you shouldn't even need to use session keys (but you should, because two layers of security are better than one). Plus, with SSL, everything is encrypted, so your user's network can't be sniffed to find out the content of messages (but the mailservers can).

To wrap it up, session keys have worked, and still do; SSL encryption is better, but nothing is perfect. A determined cracker could probably still get access to the contents of your user's mail, but you will be making it a lot harder for him.
--
IndyZ