Re: Security risk of POP3 & IMAP protocols

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


On Feb 12, 2009, at 2:49 PM, Jason Voorhees wrote:

Hi people:

A friend of mine is asking me about security risks of using IMAP &
POP3 protocols. Why? Because a sales person told my friend that IMAP
protocol is less secure than POP3 protocol. This assumption is not
related to Cyrus IMAP, instead is related only to the protocols.
I'm searching at Google something about POP3 & IMAP security but I'm
not pretty sure about comments I can found in forums or other sites.

Does anybody here know anything about security risk of these
protocols? Is it true that one of them is less secure than the other
one?

I suppose that depends on one's definition of "security". There are secure authentication mechanisms available for both protocols, and you can use TLS. The more complex an application is the more opportunity there is for programmers to make mistakes or not properly validate inputs. Since IMAP is vastly more complicated that POP in it's operation, one could argue that an IMAP implementation is more likely to have exploitable bugs.

Peter

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux