Re: webmail server & getpwnam "inherently unreliable" -- Precisely why is that?

From: Jem Berkes (jb_dontuse@pc9.org)
Date: 03/11/02


From: Jem Berkes <jb_dontuse@pc9.org>
Date: Mon, 11 Mar 2002 06:10:34 GMT


> but in the end the machine is still using the same old smtp plain text
> login, so i don't really see the point and don't see how i can ensure
> security against a cracker sniffing what he knows to be the first N
> number of packets in a POP or IMAP exchange.

You're right (remember it's not SMTP for retrieving mail, however). I
don't know the specifics of those library calls, but in either case any
webmail type of system is going to use plaintext passwords.

This is a huge security risk, but you can get around it safely if the
following conditions are met:

1) Webmail is only available through SSL (eg Apache mod_ssl)
2) The webmail system is connected to the mail servers through a route
that never leaves the ISP (i.e. packets never go public)
3) No other access, i.e. no external POP access available on the same box
that does the webmail

> furthermore, the reason why they want a *browser* based email service
> is so that when they are on the road they can just use the clients'
> browsers to get their mail. Now correct me if i'm in error here, but
> isn't that a giant step in the direction of breaking security in
> itself? that means whatever crackers may be doing at client sites
> automatically infects this webmail server.

SSL...

Check out nullwebmail. This thing's beautiful. I'm running it at my site
through SSL only.

http://nullwebmail.sourceforge.net/

-- 
Jem E. Berkes
IEEE member, Winnipeg

http://www.pc-tools.net/ Windows, Linux & UNIX software