  1. #1
    Junior Member
    Join Date
    Sep 2002

    POP3S vs. POP3...


    I've been trying to get POP3S working on my RH7.2 box, and I can get it to work, but not without it popping up a window re: the cert not being trusted, etc... And w/ Eudora, it won't work at all with the certificate, even if I add it to my trusted certs...

    So, my question is: How big of a security hole is it if I just run POP3??? All users who will be getting mail, and therefore sending clear-text passwords, will be users with pretty much no access other than mail (i.e. /bin/false)... Is it possible that someone with just a mail user's ID and PW could escalate that ID beyond its current low-access settings??? Or someone who sniffed that ID/PW as it was sent???

    Thanks Much...

  2. #2
    Senior Member roswell1329
    Join Date
    Jan 2002
    I would think the biggest concern would be for your users' privacy, and not necessarily for your system's integrity. If passwords are being sent clear-text, many of your users might object to some unscrupulous type reading their email -- email that could potentially contain credit card numbers (geez, I hope not), personal information, confidential communiques, and other information not meant for the general public. I think a good rule of thumb is: do your best to protect your users whenever possible, and when it's not possible, inform them of the potential for their communication to be compromised.
    /* You are not expected to understand this. */

  3. #3
    Senior Member
    Join Date
    Nov 2001
    I don't think you should give up on the PKI/Certificates. PKI is growing as we speak and is going to be a standard for securing environments/transmissions. PKI rocks!
