mac.com supports SSL which can be enabled through the Preferences->accounts->your account-> edit button->account options tab-> check box for "Use SSL" I think that addresses your concern. Though you are correct in that by default this password is transmitted in the clear, though most consumer email clients do not have SSL or similar turned on by default due to uncertainty about various mail server compliance. jon On Wednesday, July 24, 2002, at 11:10 AM, Randal L. Schwartz wrote: > > The password for an Apple iDisk is sent via HTTPS/WebDAV. However, if > you configure OSX with an iDisk password, the same password is copied > to the Mail.app configuration (which might not have been previously > configured). Clicking on a "mailto" link fires up Mail.app, which > then connects to mac.com which *does not* support any method of > encrypted password transmission. > > Net effect: your iDisk password is transmitted in the clear without > your awareness, albeit as a mail password. > > Problems: > > - mac.com SMTP doesn't support encrypted passwords > - mac.com's mail password is *always* identical to iDisk password > - OSX's "do what I mean" friendliness saves passwords without knowledge > > -- > Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 > 777 0095 > <merlynat_private> <URL:http://www.stonehenge.com/merlyn/> > Perl/Unix/security consulting, Technical writing, Comedy, etc. etc. > See PerlTraining.Stonehenge.com for onsite and open-enrollment > Perl training!
This archive was generated by hypermail 2b30 : Wed Jul 24 2002 - 14:46:04 PDT