[nycphp-talk] Security and POP/IMAP/HTTPS
Jon Baer
jonbaer at jonbaer.com
Tue Oct 10 09:59:45 EDT 2006
OpenSSL is usually my bet for protecting PDFs ... (as you have more
options to work w/)
http://www.madboa.com/geek/openssl/#encrypt-simple
- Jon
On Oct 10, 2006, at 9:21 AM, Michael Sims wrote:
> On Tuesday 10 October 2006 8:26 am, Aaron Fischer wrote:
>
>> Someone was proposing sending PDFs containing sensitive info over
>> email.
>> I was thinking of recommending against it, citing the lack of
>> security
>> in the POP/IMAP protocols. Is that a legitimate concern?
>
> Sure, but only if you make sure the solution is actually more secure.
>
>> An alternative would be to email them with a link to the PDF which
>> would
>> be protected with a login system (That's where the PHP would come
>> in).
>
> And how did they get their username/password in the first place? Via
> unencrypted email? See what I'm saying?
>
> If you send usernames/passwords via snail mail, and then have
> people login
> over https, that's pretty good security. But if the passwords are
> going
> out over email anyway, you might as well send the sensitive
> document via
> email too.
>
>
> Michael Sims
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
More information about the talk
mailing list