Dear all,
My RC use PLAIN mechanism for IMAP athentication. And it use default (non-SSL) IMAP port 143.
While log in, I captured the information by WireShark then I could see the usename and password, warped in a HTTP POST.
If I change to use SSL with IMAP,
$rcmail_config['default_host'] = 'ssl://mail.mysite.com'; $rcmail_config['default_port'] = 993;
I still can capture my Username/ Password. So I think the SSL authentication is just from RC to IMAP server. Not from my PC to RC server.
I know if I'm using HTTPS, the information send from my PC to HTTP server will be encrypted.
Is there anyway to encrypt the login session from my PC to the RC server, except using HTTPS? I mean the encryption supported inside RC login page.
Many thanks/ Minh.
List info: http://lists.roundcube.net/users/ BT/9b404e9e