|
|
But...
Yes, POP is still sending a cleartext password. In my given example, the cleartext password is going over the encrypted tunnel to the server, and then being transmitted unencrypted over 127.0.0.1. Now, if somebody's sniffing my localhost traffic on my OpenBSD server, my POP password is the least of my worries. ;-) Alternatively, this same method can be applied to a corporate network. Given where I discuss pointing your port forward to another address, the assumption is you have a secured network. In my case, at my place of employment, the corporate network exists behind a firewall, using the RFC1918 space, so the same method can be used to tunnel the cleartext password over the internet, then be used on the secured corporate network.
Basically, you need to do a threat assessment. A secured end-to-end connection, such as an SSL connection like you mention, would be ideal. It's also impossible in Claris Emailer, and likewise other apps I'm sure. Things that come to mind are BBEdit and Dreamweaver, which incorporate ftp functionality (mind you they may support better methods these days; I haven't used the ftp stuff in ages). Assuming you have an app which does not support SSL, port forwarding is one way to work around it. For that matter, in a threat assessment, I can assure you there will be people sniffing 802.11 traffic at MWSF; I am one of them. ;-) In your given example of port forwarding to say a home ssh box, then upstream to the ISP, while there's still risk of sniffing between the home box and the ISP, it's significantly lower than cleartexting over an 802.11 at MWSF. Port forwarding, like all other methods, is just one tool. It should be in your toolbox, but it's up to the individual to make a threat assessment and devise a security policy relevant to the individual threats.
Duh-referred article
I mention in the above "my example", but then don't link to it. Sorry, brain dead day I guess. Here'sthe example of which I speak...
|
SearchFrom our Sponsor...Latest Mountain Lion HintsWhat's New:HintsNo new hintsComments last 2 daysLinks last 2 weeksNo recent new linksWhat's New in the Forums?
Hints by TopicNews from Macworld
From Our Sponsors |
|
Copyright © 2014 IDG Consumer & SMB (Privacy Policy) Contact Us All trademarks and copyrights on this page are owned by their respective owners. |
Visit other IDG sites: |
|
|
|
Created this page in 0.09 seconds |
|