[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: I want to add non-RFC passwd to pop and imap
From: |
Jakob 'sparky' Kaivo |
Subject: |
Re: I want to add non-RFC passwd to pop and imap |
Date: |
13 Jul 2001 09:35:20 -0700 |
User-agent: |
Gnus/5.09 (Gnus v5.9.0) Emacs/21.0.103 |
Sam Roberts <address@hidden> writes:
> Reading the RFCs, they are riddled with references to browsers and
> users, seemingly without awareness that URLs are generally useable
> for descriptions of how to access resources. Passwords were
> disallowed for security reasons that do not exist in many applications.
>
> Example, mutt's configuration file:
>
> set spoolfile=imap://address@hidden
> set imap_pass=XXX
>
> The security advantage is....?
>
> It *should* allow the password as in the other URLs, ftp, http,
> etc., now you have to invent another syntax for fully specifying
> the resource, and note that Mutt's mechanism is not general
> enough, you have no way to specify which imap url the password
> is associated with.
> Syntax, condensed from RFC 1738, and extended with the ;auth=
> of RFC 2384 (for POP) and RFC 2192 (for IMAP):
>
> url =
> scheme ":" = "//"
>
> [ user [ ( ":" password ) | ( ";auth=" auth ) ] "@" ]
>
> host [ ":" port ]
>
> [ "/" urlpath ]
I agree wholeheartedly. It's ridiculous to think that POP and IMAP
URLs should be any different than other URLs WRT passwords. There is
*no* security advantage in the mutt approach: if someone can read your
.muttrc, they can read your password. If you don't want to keep your
password in a file, then don't. The application should ask for it
interactively. If, however, it is either necessary (eg. for a script)
or convenient, the password should absolutely be part of the URL, and
not a separate variable.
-- sparky
- I want to add non-RFC passwd to pop and imap, Sam Roberts, 2001/07/12
- Re: I want to add non-RFC passwd to pop and imap,
Jakob 'sparky' Kaivo <=
- Re: I want to add non-RFC passwd to pop and imap, Alain Magloire, 2001/07/16
- Re: I want to add non-RFC passwd to pop and imap, Sam Roberts, 2001/07/18
- Re: I want to add non-RFC passwd to pop and imap, Alain Magloire, 2001/07/18
- Message not available
- Re: I want to add non-RFC passwd to pop and imap, Sam Roberts, 2001/07/19
- Re: I want to add non-RFC passwd to pop and imap, Alain Magloire, 2001/07/19
- Re: I want to add non-RFC passwd to pop and imap, Jakob 'sparky' Kaivo, 2001/07/19
- Re: I want to add non-RFC passwd to pop and imap, Sam Roberts, 2001/07/19
- Re: I want to add non-RFC passwd to pop and imap, Alain Magloire, 2001/07/23