Broken kio_smtp
Marc Mutz
Marc.Mutz at uni-bielefeld.de
Fri Apr 11 12:50:13 BST 2003
On Friday 11 April 2003 11:46, Waldo Bastian wrote:
<snip>
> I fail to see why this is an improvement. If the mail-server doesn't
> care about the password, why should the user care about it? It's not
> that the mail-server itself is authenticated in any way, is it?
<snip>
The case in question is the one where the slave is _explicitely_ asked
to use a specific authentication mechanism. If the server doesn't
support that, the slave should report it, not silently bypass the
authentication step. It's just good engineering practice. Not exactly a
security issue, but not very nice either. As you can see, people
already fell prey to it.
Marc
--
It seems that the only thing worse than being an enemy of the US is
being a close friend and ally.
-- John Horvath, "The Meaning of Friendship", Telepolis #14395
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: signature
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20030411/0476b0ad/attachment.sig>
More information about the kde-core-devel
mailing list