Encrypt IMAP email account password

Are you missing a feature in Group-Office? You can always try to request it!

Moderator: Developers

ttimalsina
Posts: 56
Joined: Thu Apr 22, 2004 5:23 pm
Location: San Francisco, California, USA

Postby ttimalsina » Sat Sep 23, 2006 4:17 am

I just checked it today and found that GO saves the IMAP email account password in plain text. I was wondering how hard it would be to encrypt it.

Thanks
dkittell
Site Admin
Posts: 808
Joined: Tue May 25, 2004 10:32 pm
Location: Michigan, USA

Postby dkittell » Mon Oct 23, 2006 11:43 pm

Check php.net to get the right syntax, but it would be something like md5('password').
David Kittell
Owner / Developer
Kittell.net
mschering
Site Admin
Posts: 8355
Joined: Tue Apr 20, 2004 1:06 pm
Location: The Netherlands - Den Bosch

Postby mschering » Tue Oct 24, 2006 7:21 am

md5 won't do it. Only if the server supports md5 authentication, because md5 is one-way encryption. If you store it md5 encrypted and you want to authenticate as plain text, you have a problem...
Best regards,

Merijn Schering
Intermesh
dkittell
Site Admin
Posts: 808
Joined: Tue May 25, 2004 10:32 pm
Location: Michigan, USA

Postby dkittell » Tue Oct 24, 2006 7:36 am

I forgot about the IMAP/POP server end...

I guess an easier way to be protected is to not expose your SQL table to people you don't trust, i.e. don't open the ports on your firewall, and limit the people able to access it internally.
David Kittell
Owner / Developer
Kittell.net
lonesomewalker
Posts: 320
Joined: Wed Sep 15, 2004 9:15 am
Location: everywhere

Postby lonesomewalker » Tue Oct 24, 2006 9:03 am

I can only say that the password stored unencrypted in the database has saved some *** of my customers.

They use GO, Outlook, Entourage, and someday, they decided to use Pegasus or Incredible Mail. But what about the password?
Changing? Impossible, because too many persons have this account.
Then you just peek in the database (I just send them the right SQL query :D ), and voila...
Okay, this affects only multi-user accounts...
ttimalsina
Posts: 56
Joined: Thu Apr 22, 2004 5:23 pm
Location: San Francisco, California, USA

Postby ttimalsina » Mon Oct 30, 2006 6:46 pm

I back up the GO database on a daily basis and I wanted the IMAP account password to be encrypted. Seems like it is a bit hard to implement.
lonesomewalker
Posts: 320
Joined: Wed Sep 15, 2004 9:15 am
Location: everywhere

Postby lonesomewalker » Thu Nov 16, 2006 10:36 pm

Seems like it's impossible.

Or do you want to log in to GroupOffice and to the email module again?
If you store your pwd encrypted in your database, how should GO read it?
Or do you want to use weak encryption, like ROT13???
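
The two points raised in the thread, that md5 is one-way and that GO still has to read the password back for the IMAP login, are illustrated below with reversible authenticated encryption whose key is kept outside the database, so a database backup alone does not reveal the password. This is an added example, not part of the thread and not Group-Office code; it assumes PHP 7.2 or later with the bundled sodium extension, and the function names and sample values are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not Group-Office code; function names are hypothetical.

// Encrypt an IMAP password for storage. The key must live outside the
// database (config file, environment), so a database dump alone is useless.
function encrypt_imap_password(string $plain, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // fresh per record
    $box   = sodium_crypto_secretbox($plain, $nonce, $key);    // encrypt + MAC
    return base64_encode($nonce . $box);                        // fits a text column
}

// Decrypt a stored value just before the IMAP login. Throws if the value
// was modified or the wrong key is used.
function decrypt_imap_password(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        throw new RuntimeException('stored value is malformed');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    if ($plain === false) {
        throw new RuntimeException('wrong key or tampered data');
    }
    return $plain;
}

// Constructed sample values. In a deployment the key is generated once and
// loaded from outside the database, never generated per request.
$key      = sodium_crypto_secretbox_keygen();
$password = 'example-imap-password';

$stored = encrypt_imap_password($password, $key);
echo "stored in DB  : $stored\n";
echo "for IMAP login: " . decrypt_imap_password($stored, $key) . "\n";

// md5() is a one-way hash: the digest cannot be turned back into the
// password, so it cannot be sent to a server that expects plain-text login.
echo "md5 digest    : " . md5($password) . "\n";

// A copy of the table without the key does not decrypt.
try {
    decrypt_imap_password($stored, sodium_crypto_secretbox_keygen());
} catch (RuntimeException $e) {
    echo "without key   : " . $e->getMessage() . "\n";
}
```

Anyone who can read both the database and the key file can still recover the password, so the key file needs tighter access control than the backups.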
