24 Feb
2014
24 Feb
'14
12:37 a.m.
Am 23.02.2014 23:27, schrieb Hadmut Danisch:
But if the web gateway and dovecot are no the /same/ machine, this does not work anymore, since %c becomes "secured" on localhost, even if unencrypted. It causes a lot of trouble and headache
what headache?
how do you imagine a man-in-the-middle-attack on 127.0.0.1
Please add a configuration variable to configure, whether %c should become "secured" for unencrypted traffic on the loopback device (localhost)
to gain exactly what?
frankly for practical usage epect debugging even a fallback to no encryption at all on loopback would be sane and for the sake of reduce useless overhead fine