Re: Apple OSX and iDisk and Mail.app

[osx_guru <osx_guru () mac com>]

mac.com supports SSL which can be enabled through the 
Preferences->accounts->your account-> edit button->account options 
tab-> check box for "Use SSL"

I think that addresses your concern. Though you are correct in that 
by default this password is transmitted in the clear, though most 
consumer email clients do not have SSL or similar turned on by 
default due to uncertainty about various mail server compliance.

jon


On Wednesday, July 24, 2002, at 11:10  AM, Randal L. Schwartz wrote:

> The password for an Apple iDisk is sent via HTTPS/WebDAV.  However, if
> you configure OSX with an iDisk password, the same password is copied
> to the Mail.app configuration (which might not have been previously
> configured).  Clicking on a "mailto" link fires up Mail.app, which
> then connects to mac.com which *does not* support any method of
> encrypted password transmission.
>
> Net effect: your iDisk password is transmitted in the clear without
> your awareness, albeit as a mail password.
>
> Problems:
>
> - mac.com SMTP doesn't support encrypted passwords
> - mac.com's mail password is *always* identical to iDisk password
> - OSX's "do what I mean" friendliness saves passwords without knowledge
>
> --
> Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 
> 777 0095
> <merlyn () stonehenge com> <URL:http://www.stonehenge.com/merlyn/>
> Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
> See PerlTraining.Stonehenge.com for onsite and open-enrollment 
> Perl training!