
Re: Is mutt secure enough?

On Sat Feb 21, 2004 at 02:40:57AM +0530, Mutt-user wrote:
> I like to use imap and not with fetchmail for offline viewing later, so I
> use imaps://username:password@xxxxxxxxxx to access my server with imap.
> But I'm paranoid; isn't using this a security risk? Typing this in a
> single-line command, it goes as it is through my ISP server/proxy, doesn't it? So,
> the password goes up to the ISP as cleartext, right? Correct me if I'm
> wrong.

If you are in fact using imaps:// (SSL), then all your communication with the
server is encrypted and secure.  The SSL should establish this secure
connection before any actual data is passed.  If you are truly paranoid, it
might be fun to check it out for yourself:

# tcpdump -Xvni eth0 host domain.com and port 993 | grep password

If for some reason your password does show up, maybe you should set the
password in your .muttrc (but I really don't think it would).  I am assuming
that your question is due to the fact that you are passing the username and
password in the imaps:// URL.

jacob[at]buildtheb0x.com | 56DE 6C58 C961 BE57 4F1F  EA67 E7E1 BFDF 2106 0288
How many MCSE's does it take to wallpaper a room?
It depends on how thin you slice them. 
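
An offline version of the capture check suggested above, as an added example that is not part of the original message: it inspects the client-to-server bytes of one connection rather than grepping `tcpdump -X` output, where a password can straddle the 16-byte hex-dump lines or travel base64-encoded in a SASL exchange. The credentials and the three byte streams are constructed samples, and the function names are this example's own.

```python
import base64

def starts_with_tls_client_hello(stream: bytes) -> bool:
    """True if the client's first bytes are a TLS handshake record holding a ClientHello."""
    # Record header: type 0x16 (handshake), version major 0x03; handshake type 0x01 at offset 5.
    return len(stream) >= 6 and stream[0] == 0x16 and stream[1] == 0x03 and stream[5] == 0x01

def credential_forms(user: str, password: str) -> dict:
    """Byte patterns that reveal the password on an unencrypted IMAP session."""
    sasl_plain = b"\0" + user.encode() + b"\0" + password.encode()
    return {
        "literal": password.encode(),                       # a001 LOGIN user password
        "sasl-plain": base64.b64encode(sasl_plain),         # AUTHENTICATE PLAIN
        "sasl-login": base64.b64encode(password.encode()),  # AUTHENTICATE LOGIN
    }

def audit_stream(stream: bytes, user: str, password: str) -> dict:
    """Report whether the stream opens with TLS and in which forms the password is visible."""
    forms = credential_forms(user, password)
    return {
        "tls_first": starts_with_tls_client_hello(stream),
        "exposed_as": [name for name, pattern in forms.items() if pattern in stream],
    }

# Constructed samples (not captured traffic).
USER, PASSWORD = "alice", "correct-horse-42"
SAMPLES = {
    "imap/143 LOGIN": b"a001 LOGIN alice correct-horse-42\r\n",
    "imap/143 SASL PLAIN": b"a001 AUTHENTICATE PLAIN\r\n"
        + base64.b64encode(b"\0alice\0correct-horse-42") + b"\r\n",
    # TLS record + handshake header, then high-bit filler standing in for the
    # ClientHello body and the encrypted records that follow it.
    "imaps/993": bytes([0x16, 0x03, 0x01, 0x02, 0x00, 0x01]) + bytes(range(0x80, 0x100)) * 4,
}

if __name__ == "__main__":
    for name, stream in SAMPLES.items():
        print(name, audit_stream(stream, USER, PASSWORD))
```

To use it on real traffic, pass in the client-side payload of one TCP stream exported from a capture of your own session. A port-143 session that upgrades with STARTTLS reports `tls_first` as False because it begins in cleartext.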
