FROM : Jens Alfke
DATE : Wed May 14 01:45:30 2008
On 13 May '08, at 4:35 PM, Matt Burnett wrote:
> It's not hard to enable HTTP authentication.
It's also not hard to eavesdrop on the HTTP session using tcpdump, or
to debug or disassemble the app to recover the password.
In other words, putting a shared secret into an application
distributed to end-users is not secure.
Probably not a realistic fear in this particular case, but there are
many, many instances of web scripts like this being abused to send
spam, so I don't think I'm being overly paranoid :)
—Jens
Related mails:

| Author | Date |
|---|---|
| vinitha | May 12, 13:25 |
| Omar Qazi | May 13, 07:57 |
| Jens Alfke | May 13, 08:07 |
| Omar Qazi | May 13, 08:16 |
| Matt Burnett | May 14, 01:35 |
| Jens Alfke | May 14, 01:45 |
| Matt Burnett | May 14, 02:40 |
| Jens Alfke | May 14, 02:48 |
| Andrew Farmer | May 15, 23:17 |






Cocoa mail archive

