|
Home > Archive > Apache Server configuration support > November 2006 > secure webmail
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| miguel-lopes 2006-11-27, 1:19 pm |
| Hi
I have my webmail working with SUSE10, postfix, cyrus and squirrlemail.
My issue is how can I make it secure??
In other words instead of typing http://www.xxxx.com/webmail make it
https://www.xxxx.com/webmail that way the password are encrypted and what
the viewer is seeing also.
Thanks any help is apreciated!!
| |
| Davide Bianchi 2006-11-27, 1:19 pm |
| On 2006-11-27, miguel-lopes <milopes@hotmail.com> wrote:
> In other words instead of typing http://www.xxxx.com/webmail make it
> https://www.xxxx.com/webmail that way the password are encrypted and what
Create a certificate for your server. See the documentation about
SSL'ing the server.
Davide
--
There's the light at the end of the the Windows.
-- Havlik Denis
| |
|
|
| shimmyshack 2006-11-28, 1:18 pm |
| don't forget though email is inherently insecure, sending stuff in
plain text, all you are doing here is securing the data from your web
server to your user and back.
To make a truly secure system, you should use SSL, but then unless your
mail server is on the same machine as the web server consider using
Secure SMTP to the server. (like gmail)
Then you have the problem of the SMTP server's network, and all
networks after that including the pop network for the recipient, as
well as his/her network once the mail has been downloaded from the pop
server.
Anything that important should be sent using certificate encrypted
mail. That requires the recipient has a public cert. php has funcitons
that can use a persons public cert to encrypt the mail.
I am assuming here that all you want is "cant eavesdrop on the GET/POST
to the web server" in which case yeah SSL.
|
|
|
|
|