Gossamer Forum
Home : Products : Gossamer Mail : Discussion :

[2.0.5] Hide passwords feature

Quote Reply
[2.0.5] Hide passwords feature
Any chance of encrypting the passwords used for logging into POP accounts in a future update? Having had my server hacked last night I don't like seeing the passwords for all to see listed in the admin.

Jason
Quote Reply
Re: [wickedmoon] [2.0.5] Hide passwords feature In reply to
Hello Jason!

Years ago I requested but GT did not show any interest.

Just out of curiosity, what happened and how did your server got hacked?
Quote Reply
Re: [rajani] [2.0.5] Hide passwords feature In reply to
I spoke with Alex about this also but it is not that they don't have interest in it. Some of the incoming mail modes require sending a plain text password to a pop3 server. If you want to encrypt the passwords, I think you are limited to shared pop3 for incoming messages.

I did encrypt passwords on a test version and it worked great. Once the new template version is released and stable, I will convert our live version.

I would also like to see this as an option in the admin but I can see one major drawback to it. Once you convert the passwords, there is no going back. I can see this causing problems with people who don't like to read the directions till something is broken (me).

Regards,
Charlie
Quote Reply
Re: [wickedmoon] [2.0.5] Hide passwords feature In reply to
Hi,

Charlie summed it up great. Basically if you want to use real pop accounts to store your mail, and not a shared catchall, then the passwords can not be encrypted, as the POP protocol requires sending clear text passwords.

Cheers,

Alex
--
Gossamer Threads Inc.