Allowing less secure apps - "Goozilla" vs Mozilla
Tim
ignored_mailbox at yahoo.com.au
Fri Feb 6 00:35:27 UTC 2015
Allegedly, on or about 05 February 2015, poma sent:
> Therefore "Goozilla" considers Mozilla Thunderbird as less secure!?
> Really "Goozilla"?
This rather depends on *why* you're encountering this. A great many
applications logon to servers by sending your username and password,
unencrypted. Anyone else on the same network can see them. By refusing
unencrypted plain text logons, the server will be stopping your
application before it sends out the password. However, some dumb
implementations of this protection don't interrupt the logon process,
and fail you after the password has already been sent out, in the clear.
This issue has been around since the internet sprang into existence, yet
even now it's a pain to get encrypted logons working, as little effort
has been put into standardising them. There's a plethora of different
ways to do it, none of which can be considered a default, and not all
methods will be supported on either side.
You do see, now, some applications attempting to do a secure logon as
the first thing, instead, then falling back to other methods.
--
[tim at localhost ~]$ uname -rsvp
Linux 3.9.10-100.fc17.x86_64 #1 SMP Sun Jul 14 01:31:27 UTC 2013 x86_64
All mail to my mailbox is automatically deleted, there is no point
trying to privately email me, I will only read messages posted to the
public lists.
George Orwell's '1984' was supposed to be a warning against tyranny, not
a set of instructions for supposedly democratic governments.
ZNQR LBH YBBX
More information about the users
mailing list