Re: Authorisation again. Security.
On Fri, Nov 30, 2001 at 08:47:07AM +0500, Viktor Vislobokov wrote:
> Есть еще один путь, если тебе надо защитить только авторизацию -
> включи apop
Цитата из popa3d:
There exist extensions to the protocol that are supposed to fix this
problem. I am not supporting them yet, partly because this isn't
going to fully fix the problem. In fact, APOP and the weaker defined
SASL mechanisms such as CRAM-MD5 may potentially be even less secure
than transmission of plaintext passwords because of the requirement
that plaintext equivalents be stored on the server.
--
Anton Petrusevich
Reply to: