-----Original Message-----
From: johnp [mailto:johnp(_at_)idimo(_dot_)com]
Sent: Friday 23 September 2005 21:25
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] Re: Can this really be true?
With CRAM-MD5 a "man in the middle" could hijack the session.
Also, IIRC, there is a tendency to end up storing the
password in plaintext at the mail server, which is not good.
Not so - they are encrypted on the server,
They are, indeed, encrypted. The only weak spot is that 'sasldb2.db'
is not owned by root, but by something like "cyrus:mail". Potentially,
that means not just the superuser has access to it.
- Mark
System Administrator Asarian-host.org
---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
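
The CRAM-MD5 exchange discussed in this thread, following RFC 2195, as an added example that is not part of the original messages. The function names are chosen for this illustration, and the sample user, secret and challenge are the ones from the RFC's own example; it shows what the server has to hold in order to check a response.

```python
import base64
import hashlib
import hmac

# Values from the worked example in RFC 2195 (not from this thread).
RFC_USER = "tim"
RFC_SECRET = "tanstaaftanstaaf"
RFC_CHALLENGE = ("1896", "697170952", "postoffice.reston.mci.net")


def make_challenge(nonce: str, timestamp: str, host: str) -> bytes:
    """Server: build the <nonce.timestamp@host> challenge, base64 for the wire."""
    return base64.b64encode(f"<{nonce}.{timestamp}@{host}>".encode("ascii"))


def client_response(user: str, secret: str, challenge_b64: bytes) -> bytes:
    """Client: reply with base64("user " + hex(HMAC-MD5(key=secret, msg=challenge)))."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())


def server_verify(secrets: dict, challenge_b64: bytes, response_b64: bytes) -> bool:
    """Server: recompute the digest from its own copy of the shared secret.

    The HMAC key must be the value the client used, so a one-way salted
    password hash is not enough here: the server needs the secret itself
    (or precomputed HMAC key state, which is just as good as the password
    for CRAM-MD5 purposes).
    """
    try:
        decoded = base64.b64decode(response_b64).decode()
        challenge = base64.b64decode(challenge_b64)
    except ValueError:  # covers bad base64 and bad UTF-8
        return False
    user, _, digest = decoded.rpartition(" ")
    secret = secrets.get(user)
    if secret is None:
        return False
    expected = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected.encode(), digest.encode())


if __name__ == "__main__":
    chal = make_challenge(*RFC_CHALLENGE)
    resp = client_response(RFC_USER, RFC_SECRET, chal)
    print("S: +", chal.decode())
    print("C:", resp.decode())
    print("verified:", server_verify({RFC_USER: RFC_SECRET}, chal, resp))
```

The digest covers only the challenge, so it authenticates the login step and nothing after it; running the exchange inside TLS is the usual way to protect the rest of the session.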