storing password lists in mails to myself on IMAP?

Nomen Nescio nobody at dizum.com
Thu Feb 15 22:10:08 CET 2007


Robert J. Hansen wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> Nomen Nescio wrote:
> > Given that this is an IMAP account it's possible those temp
> > files exist on the IMAP server. :-(
> 
> Can you point me to an IMAP client which does this?  Or to part of the

Amusing as it is to me anyway, Firefox will do this. Part of it's
crash recovery is saving a copy of messages you're composing every
few keystrokes. I'm not even sure you can turn the feature off, and
if you have a "everything but the kitchen sink on the server" setup
those temporary copies are stored in a draft folder *on the IMAP
server*, unencrypted.

I know for a fact it can happen because I've seen it first hand
on my own Courier/Postfix server in bold, living color.

> IMAP RFC which lists "storing arbitrary data for the client's use on
> the server" as a feature?  Or an IMAP server which supports this?
> 
> Otherwise, this seems to be paranoid fantasy.

Yeah. Sure it does.

Maybe you should think things through, or God forbid even run a
few tests or something before puffing your chest there Robert.
Especially when you're in the unenviable position of potentialy
being your own proof of concept.




More information about the Gnupg-users mailing list