[nycphp-talk] Security and POP/IMAP/HTTPS
Michael Sims
jellicle at gmail.com
Tue Oct 10 09:21:57 EDT 2006
On Tuesday 10 October 2006 8:26 am, Aaron Fischer wrote:
> Someone was proposing sending PDFs containing sensitive info over email.
> I was thinking of recommending against it, citing the lack of security
> in the POP/IMAP protocols. Is that a legitimate concern?
Sure, but only if you make sure the solution is actually more secure.
> An alternative would be to email them with a link to the PDF which would
> be protected with a login system (That's where the PHP would come in).
And how did they get their username/password in the first place? Via
unencrypted email? See what I'm saying?
If you send usernames/passwords via snail mail, and then have people login
over https, that's pretty good security. But if the passwords are going
out over email anyway, you might as well send the sensitive document via
email too.
Michael Sims
More information about the talk
mailing list