Bezpecnost protokolu POP3 (Was: Re: passwd HTML interface pre POP3 clientov)

[Pavel Janik ml.]

Preji prijemny den ve spolek,

   > Uvedomujete si bezpecnostni rizika? Posilani plain_text hesel po siti je
   > docela odvazny zamer.

ano, ono dokonce i pouzivani protokolu POP3 je odvazny zamer, vzhledem
k tomu, ze komunikace probiha asi takto:

telnet localhost pop-3
Trying X.X.X.X...
Connected to SnowWhite.inet.cz.
Escape character is '^]'.
+OK POP3 SnowWhite.inet.cz vX.X server ready
user uzivatel
+OK User name accepted, password please
pass Moje_Tajne_Heslo_Ktere_Uz_Tajne_Neni_Nebo_Je?    <----- !!!!!!!!!!
+OK Mailbox open, 0 messages
quit
+OK Sayonara
Connection closed by foreign host.

Proto je asi lepsi pouzivat jine protokoly (APOP, pripadne KPOP). BTW
- jak tento problem resi administratori jinych ISP? Vcelku by mne to
zajimalo.
-- 
Pavel Janik ml.
Pavel.Janik na inet.cz