Firewall Wizards mailing list archives
RE: IMAP- how to protect a server?
From: sean.kelly () lanston com
Date: Fri, 11 Jun 1999 18:24:35 -0400
From: Carric Dooley [mailto:carric () com2usa com] Sent: Saturday, June 05, 1999 1:11 AM Subject: Re: IMAP- how to protect a server? I have been watching this thread... and I can't see how SSL protects the server. That would protect (to a degree) the content of the e-mail and users passwords to the server, but not the server itself. If you are talking about the buffer overflows like the ones that seem to keep cropping up in IMAP servers on Linux, the only real way to keep that server safe is to keep your daemon at the latest rev, and hope to god you are not the target when a new exploit for that version is discovered. There is only so much one can do...
Exactly. The point of SSL is to make the data that pass between the client and server unreadable by a third-party. This means someone can't just grab a username and password from a telnet login, etc. Anyone can still sty to connect to the server on the SSL port, and (if they succeed) do whatever they want. The SSL server code is pretty solid however -- the possibility of a buffer overrun or something along those lines is quite small. Sean
Current thread:
- IMAP- how to protect a server? Aaron D. Turner (Jun 02)
- Re: IMAP- how to protect a server? jacob carlson (Jun 03)
- Re: IMAP- how to protect a server? Ge' Weijers (Jun 03)
- Re: IMAP- how to protect a server? Aaron D. Turner (Jun 03)
- Re: IMAP- how to protect a server? chuck (Jun 04)
- Re: IMAP- how to protect a server? Aaron D. Turner (Jun 03)
- <Possible follow-ups>
- Re: IMAP- how to protect a server? Steven M. Bellovin (Jun 04)
- RE: IMAP- how to protect a server? sean . kelly (Jun 14)
- RE: IMAP- how to protect a server? Mayne, Peter (Jun 14)
- Re: IMAP- how to protect a server? Carric Dooley (Jun 14)
- Re: IMAP- how to protect a server? Ge' Weijers (Jun 14)
- Re: IMAP- how to protect a server? Aaron D. Turner (Jun 14)
- Re: IMAP- how to protect a server? Ge' Weijers (Jun 14)
- IMAP who provides CERT support (was Re: IMAP- how to protect a server?) chuck (Jun 14)
- Re: IMAP who provides CERT support (was Re: IMAP- how to protect a server?) Andy Smith (Jun 15)
- Re: IMAP- how to protect a server? Ge' Weijers (Jun 14)