[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Nmh-workers] decode base64 auth info in -snoop output?

From: Valdis . Kletnieks
Subject: Re: [Nmh-workers] decode base64 auth info in -snoop output?
Date: Fri, 12 Aug 2016 11:45:03 -0400

On Fri, 12 Aug 2016 09:32:14 -0400, David Levine said:

> But I'd rather see this:
>     (tls-decrypted) <= 334 Username:
>     (tls-encrypted) => address@hidden
>     (tls-decrypted) <= 334 Password:
>     (tls-encrypted) => my_password

The knee-jerk response is that it's a security issue.  A few second's
thought shows that it's not revealing anything that the person/software
issuing a 'post -snoop' doesn't already have access to.

Probably not a bad idea, as it drastically reduces the time to debug
a Homer Simpson "D'Oh!" moment when you finally realize it's sending
an incorrect user/password pair (been there, done that, when we migrated
our mailstore from a local solution to Google Mail... :)

Attachment: pgpj5Uw6As9Z3.pgp
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]