Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the '10.4: Enable encrypted SquirrelMail on Server' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.4: Enable encrypted SquirrelMail on Server
Authored by: aaulich on Jul 02, '05 04:21:24AM

Hello,

exactly, telling squirrelmail to use CRAM-MD5 is not of much use as the password you enter in the login screen is sent in cleartext through the net.

Use SSL with your website instead. You can also set up a redirect from http://example.com/webmail to https://example.com/webmail to make sure you don't use an insecure connection by accident. Or you just disable webmail for the http:// version of your site.

What ever you choose to do, SSL is the key to secure webmail access

Cheers, Andre

[ Reply to This | # ]