IMAP protocol RFC: Security Considerations


11. Security Considerations

   IMAP4rev1 protocol transactions, including electronic mail data, are
   sent in the clear over the network unless privacy protection is
   negotiated in the AUTHENTICATE command.

   A server error message for an AUTHENTICATE command which fails due to
   invalid credentials SHOULD NOT detail why the credentials are
   invalid.

   Use of the LOGIN command sends passwords in the clear.  This can be
   avoided by using the AUTHENTICATE command instead.

   A server error message for a failing LOGIN command SHOULD NOT specify
   that the user name, as opposed to the password, is invalid.
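
   The two SHOULD NOT rules above, as an added Python example that is
   not part of the RFC: a server-side LOGIN check that leaks which
   credential was wrong, next to one that returns a single reply for
   both failures. The function names, the account store, the reply
   texts after NO, and the dummy-record hashing (which goes one step
   beyond the RFC's wording, to keep the two failure paths doing the
   same work) are assumptions made for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000  # assumption: kept low so the example runs quickly

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_record(password: str) -> tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, _hash(password, salt)

# Constructed account store; a real server would load this from its user database.
USERS = {"alice": make_record("correct horse")}
# Record checked when the user name is unknown, so both failure paths hash once.
_DUMMY = make_record("unused")

def login_leaky(tag: str, user: str, password: str) -> str:
    """What the RFC advises against: the reply reveals which part was wrong."""
    if user not in USERS:
        return f"{tag} NO unknown user name"
    salt, expected = USERS[user]
    if not hmac.compare_digest(_hash(password, salt), expected):
        return f"{tag} NO wrong password"
    return f"{tag} OK LOGIN completed"

def login_uniform(tag: str, user: str, password: str) -> str:
    """Same tagged NO reply for an unknown user and for a wrong password."""
    salt, expected = USERS.get(user, _DUMMY)
    matches = hmac.compare_digest(_hash(password, salt), expected)
    # The membership test keeps the dummy record from ever authenticating anyone.
    if matches and user in USERS:
        return f"{tag} OK LOGIN completed"
    return f"{tag} NO LOGIN failed"

if __name__ == "__main__":
    # Constructed inputs: valid login, wrong password, unknown user.
    for user, pw in [("alice", "correct horse"), ("alice", "guess"), ("bob", "guess")]:
        print(f"{user!r:8} leaky: {login_leaky('a001', user, pw):28} "
              f"uniform: {login_uniform('a001', user, pw)}")
```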

   Additional security considerations are discussed in the section
   discussing the AUTHENTICATE and LOGIN commands.