Maikel Verheijen wrote:
Why don't you move to a database instead of having a password file? If you use a database, you could easily write a php-web-interface for your users where they can update or change their passwords.
I have a real problem suggesting using databases for something as simple as a password file. kind of like using a bulldozer to park your car. can be done but usually causes a boatload of damage and a great deal of regret.
a simple dbm file is sufficient for this task. gdbm seems to be a reasonable instance.
The only thing you won't solve is the APOP issue, but since you already support IMAP as well, why not allow pop3 too? Almost all clients support ssl connections to both pop3 and imap, so why bother with the password being sent plain-text over the wire?
very good suggestion. a great tool for generating and managing certs in the small is tinyca. http://tinyca.sm-zone.net/
--- eric