Am 24.02.2014 00:23, schrieb Hadmut Danisch:
On Sun, Feb 23, 2014 at 11:37:55PM +0100, Reindl Harald wrote:
what headache? The one I've described.
you described nothing relevant
you only talk why 127.0.0.1 is treated as "secured" well because it is by definition, if you don't trust 127.0.0.1 you have lost the game at all
how do you imagine a man-in-the-middle-attack on 127.0.0.1
You're confusing the different attacks. This has nothing to do with a man-in-the-middle. This is against a passive eavesdropper, e.g. someone watching people entering the password at a web interface, or a keylogger on an unreliable computer
RTFM - these is *logging* and there it does not make a difference in case of security if it was a encrypted connection or one from LOCALHOST where there is no wire at all between client and server
These variables work only in Dovecot-auth and *login_log_format_elements* setting
%c secured "secured" string with SSL, TLS and localhost connections. Otherwise empty.