[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: verizon and smtp authorization have me stumped
|
From: |
Tim McNamara |
|
Subject: |
Re: verizon and smtp authorization have me stumped |
|
Date: |
Thu, 01 Dec 2005 23:58:44 -0600 |
|
User-agent: |
Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (darwin) |
Steve <joxer2000@verizon.net> writes:
> Tim McNamara wrote:
> <snip>
>> That looks pretty much just like mine, albeit I use a different ISP
>> that also requires SMTP authorization. The only difference between
>> entering your credentials into Emacs/Gnus versus most other mail
>> programs is that you write the file directly rather than
>> indirectly, so you can actually see it. That doesn't necessarily
>> make it any less secure.
>
> I don't follow. When I set the password to nil and gnus prompts me
> for it, as far as I can see the password never appears in plain text.
> As you point out, when you put it in your .emacs or .gnus file, it is
> in plain text. Isn't having a password in plain text less secure? I
> admit, the risk is probably low and limited to a clever spybot reading
> my config file, but from a software design perspective, requiring
> passwords to be in plain text in a file is a bad thing.
If a clever spybot can read your home directory and your .emacs, your
system has major security problems. Your e-mail password may be the
least of your worries.
Unless your ISP is using a secure connection with encrypted data
transfer for logging in, the odds are good that your username and
password are going over the net in clear text anyway, and may
therefore be just as vulnerable. It just may not look as vulnerable
if all you see are dots on your screen when you type in your password.