NYCPHP Meetup

NYPHP.org

[nycphp-talk] Security and POP/IMAP/HTTPS

Jon Baer jonbaer at jonbaer.com
Tue Oct 10 09:59:45 EDT 2006


OpenSSL is usually my bet for protecting PDFs ... (as you have more  
options to work w/)

http://www.madboa.com/geek/openssl/#encrypt-simple

- Jon

On Oct 10, 2006, at 9:21 AM, Michael Sims wrote:

> On Tuesday 10 October 2006 8:26 am, Aaron Fischer wrote:
>
>> Someone was proposing sending PDFs containing sensitive info over  
>> email.
>>   I was thinking of recommending against it, citing the lack of  
>> security
>> in the POP/IMAP protocols.  Is that a legitimate concern?
>
> Sure, but only if you make sure the solution is actually more secure.
>
>> An alternative would be to email them with a link to the PDF which  
>> would
>> be protected with a login system (That's where the PHP would come  
>> in).
>
> And how did they get their username/password in the first place?  Via
> unencrypted email?  See what I'm saying?
>
> If you send usernames/passwords via snail mail, and then have  
> people login
> over https, that's pretty good security.  But if the passwords are  
> going
> out over email anyway, you might as well send the sensitive  
> document via
> email too.
>
>
> Michael Sims
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php




More information about the talk mailing list