PerlMonks  

Re: Ecryption?

by IndyZ (Friar)
on Feb 17, 2001 at 20:01 UTC ( [id://59158]=note )



in reply to Ecryption?

Even if we follow Coyote's advice and use session keys, there are still security implications. When the user first sends his password, it will be plaintext. Anybody between your user and the webmail server could pull the password off of the network.

The only universally supported system that I can think of is SSL. 128-bit encryption is way better than hashing passwords or using session keys. In theory, you shouldn't even need to use session keys (but you should, because two layers of security are better than one). Plus, with SSL, everything is encrypted, so your user's network can't be sniffed to find out the content of messages (but the mailservers can).

To wrap it up: session keys have worked, and still do; SSL encryption is better, but nothing is perfect. A determined cracker could probably still get access to the contents of your user's mail, but you will be making it a lot harder for him.

--
IndyZ
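
An added example, not part of the original post: a small Python check for the two exposures discussed above, a password form that submits over plain HTTP and a session cookie that is not restricted to SSL connections. The function names, the host `mail.example.test` and the sample HTML and cookies are constructed for illustration.

```python
from html.parser import HTMLParser
from http.cookies import SimpleCookie
from urllib.parse import urljoin, urlparse


class _PasswordForms(HTMLParser):
    """Collect the action URL of every <form> that contains a password input."""

    def __init__(self):
        super().__init__()
        self.actions = []     # actions of forms holding a password field
        self._action = None   # action of the open form; None if no form or already recorded

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._action = a.get("action") or ""
        elif (tag == "input" and self._action is not None
              and (a.get("type") or "").lower() == "password"):
            self.actions.append(self._action)
            self._action = None   # record each form once

    def handle_endtag(self, tag):
        if tag == "form":
            self._action = None


def audit_login(page_url, html, set_cookie_headers):
    """Return findings for cleartext password submission and sniffable session cookies."""
    findings = []
    parser = _PasswordForms()
    parser.feed(html)
    for action in parser.actions:
        target = urljoin(page_url, action)   # an empty action posts back to the page itself
        if urlparse(target).scheme != "https":
            findings.append(f"password form posts in cleartext to {target}")
        elif urlparse(page_url).scheme != "https":
            findings.append(f"login page {page_url} is itself served without SSL")
    for header in set_cookie_headers:
        cookie = SimpleCookie()
        cookie.load(header)
        for name, morsel in cookie.items():
            if not morsel["secure"]:
                findings.append(f"cookie {name} lacks Secure; it is also sent over plain HTTP")
    return findings


# Constructed sample input (hypothetical webmail host, not from the post).
SAMPLE_HTML = '<form method="post" action="/login"><input name="u"><input type="password" name="p"></form>'
SAMPLE_COOKIES = ["session=abc123; Path=/", "prefs=dark; Path=/; Secure"]
```

Calling `audit_login("http://mail.example.test/", SAMPLE_HTML, SAMPLE_COOKIES)` reports both the cleartext form and the `session` cookie; the same page served from an `https://` URL leaves only the cookie finding.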
