Re: How to auto connect via SSH and Balsa?



On 2001.09.15 11:11 Jules Bean wrote:
> Why would that be insecure?
> 

Another user on the same host, or even on another host, if ssh is configured
incorrectly, could grab the forwarded connection and abuse it. It also
fosters a false sense of security.

> It would be much less insecure than, for example, running cleartext IMAP.
> 
True. However, having an MUA automatically execute arbitrary commands is a
security risk in itself. The command may be a shell script, it may be world
writable or include one that's world writable, any of the executables
called could be world writable. Limitless possibilities for one user to
execute arbitrary, destructive commands as another user.

> Encrypted IMAP has its own disadvantages: at least for the server I
> looked into, the encryption is two-way, and requires the server to
> have a clear-text copy of the password.
> 
True. But if you don't trust your server, then whom will you trust? It's bad
practice to have the same password on different hosts, anyway. So if the
server operator wants to read your mail, he can, anyway. So what if he reads
the password? Used correctly, it should only be good for that very server,
anyway. Nothing gained, nothing lost.

Melanie
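
A check for the world-writable risk raised in this message, as an added example that is not part of the original post: before a mail client is configured to run a helper command, the command file, each directory above it, and the interpreter on its `#!` line are tested for the world-writable bit. The function names `world_writable_links` and `audit_command` and the sample script `tunnel.sh` are hypothetical.

```python
import os
import stat
import tempfile

def world_writable_links(path):
    """Return the resolved file and any directory above it that is world writable."""
    findings = []
    current = os.path.realpath(path)  # follow symlinks to the real target
    while True:
        mode = os.stat(current).st_mode
        # A sticky directory such as /tmp stops users replacing files they do not own.
        sticky_dir = stat.S_ISDIR(mode) and bool(mode & stat.S_ISVTX)
        if mode & stat.S_IWOTH and not sticky_dir:
            findings.append(current)
        parent = os.path.dirname(current)
        if parent == current:  # reached the filesystem root
            return findings
        current = parent

def audit_command(path):
    """Check a command and, for a script, the interpreter named on its #! line."""
    findings = world_writable_links(path)
    with open(path, "rb") as fh:
        first = fh.readline()
    if first.startswith(b"#!"):
        words = first[2:].split()
        if words and os.path.exists(words[0]):
            findings += world_writable_links(os.fsdecode(words[0]))
    return findings  # programs the script itself calls are not traced

if __name__ == "__main__":
    # Constructed sample: a throwaway script made world writable on purpose.
    workdir = tempfile.mkdtemp()
    script = os.path.join(workdir, "tunnel.sh")
    with open(script, "w") as fh:
        fh.write("#!/bin/sh\nexit 0\n")
    os.chmod(script, 0o777)
    print("writable by anyone:", audit_command(script))
    os.chmod(script, 0o755)
    print("after chmod 755:", audit_command(script))
```

An empty list means none of the checked paths is world writable; it says nothing about programs the script calls by name through `PATH`.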



