[Dovecot] Detail improvement: %c variable
Reindl Harald
h.reindl at thelounge.net
Sun Feb 23 23:54:51 UTC 2014
Am 24.02.2014 00:23, schrieb Hadmut Danisch:
> On Sun, Feb 23, 2014 at 11:37:55PM +0100, Reindl Harald wrote:
>> what headache?
> The one I've described.
you described nothing relevant
you only talk why 127.0.0.1 is treated as "secured"
well because it is by definition, if you don't trust
127.0.0.1 you have lost the game at all
>> how do you imagine a man-in-the-middle-attack on 127.0.0.1
>
> You're confusing the different attacks. This has nothing to do with a
> man-in-the-middle. This is against a passive eavesdropper,
> e.g. someone watching people entering the password at a web interface,
> or a keylogger on an unreliable computer
RTFM - these is *logging* and there it does not make a difference
in case of security if it was a encrypted connection or one
from LOCALHOST where there is no wire at all between client and server
____________________
These variables work only in Dovecot-auth and *login_log_format_elements* setting
%c secured
"secured" string with SSL, TLS and localhost connections. Otherwise empty.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20140224/9c6e5f3c/attachment.sig>
More information about the dovecot
mailing list