Webmail is wide open to virus attack and is actively being attacked as just another vector into personal computers. Some organizations have disabled access to webmail entirely for this reason. In the light of that consideration, a separate network connecting only the webmail computer with no ability to jump to other computers you may have would be a good idea. Encryption doesn't buy very much since attack code will be installed on server sites a personal computer connects to and web hijacking is a popular form of attack to grab computers connecting to the web; pull them over onto malware sites, then infect those computers. There's even an attack against ssl that depends on a user waiting for the site they've connected to redirecting them to a secure web page but what actually happens during the attack is a user gets hijacked and taken to another site not intended by the original web site developer. One defense against such activity is a revision control system used properly by a web site owner to compare current web site with archived and known safe web site contents. It gives the web site owner the ability to force a reversion back to known safe content for their web site. Of course, setting pweb site permissions correctly is important too. More easily done on Linux than windows since a wider variety of attributes exists. Rot47: <;F56]52D9:6==@?2GJ]>:=> -----Original Message----- From: programmingblind-bounce@xxxxxxxxxxxxx [mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of Alex Hall Sent: Monday, March 23, 2009 11:11 To: programmingblind@xxxxxxxxxxxxx Subject: Re: question about web email Ok, I was hoping to avoid that annoying dialog that would keep coming up with this dire warnings about the certificate not being signed and this could potentially blow up my computer. Still, it is a small price to pay for securing passwords and email, and sure is better than $400. Is it possible, if a user is logged in automatically, for tuser to only accept the dialog once (the first login)? Have a great day, Alex > ----- Original Message ----- >From: "Tyler Littlefield" <tyler@xxxxxxxxxxxxx >To: <programmingblind@xxxxxxxxxxxxx >Date sent: Mon, 23 Mar 2009 09:06:28 -0600 >Subject: Re: question about web email >it's quite expensive, like $400 last I checked I think, possibly more. >and none that I know of, ssl is the encrypted form of http, but you don't >need to get it signed if it's not professional. >Thanks, >Tyler Littlefield >Web: tysdomain.com >email: tyler@xxxxxxxxxxxxx >My programs don't have bugs, they're called randomly added features. >----- Original Message ----- >From: "Alex Hall" <mehgcap@xxxxxxx >To: <programmingblind@xxxxxxxxxxxxx >Sent: Monday, March 23, 2009 9:05 AM >Subject: Re: question about web email >> Hmmm... How much is it to sign, and is there a way of doing it with no >> certificate? Sorry for the basic questions, but I took a web programming >> course last semester that did a lot, but nothing on security. I was >> interested in web development stuff before that course but I just never >> got around to looking up security and encryption. >> Have a great day, >> Alex >>> ----- Original Message ----- >>>From: "Tyler Littlefield" <tyler@xxxxxxxxxxxxx >>>To: <programmingblind@xxxxxxxxxxxxx >>>Date sent: Mon, 23 Mar 2009 08:45:38 -0600 >>>Subject: Re: question about web email >>>you won't need to sign it then, but you'll always have to accept >> the cert if >>>it's not signed. >>>Thanks, >>>Tyler Littlefield >>>Web: tysdomain.com >>>email: tyler@xxxxxxxxxxxxx >>>My programs don't have bugs, they're called randomly added >> features. >>>----- Original Message ----- >>>From: "Alex Hall" <mehgcap@xxxxxxx >>>To: <programmingblind@xxxxxxxxxxxxx >>>Sent: Monday, March 23, 2009 8:37 AM >>>Subject: Re: question about web email >>>> No, just for my own use and, possibly, several other users, but >> I can >>>> definitely say not more than 50 users, most likely not even a >> quarter of >>>> that. >>>> Have a great day, >>>> Alex >>>>> ----- Original Message ----- >>>>>From: "Tyler Littlefield" <tyler@xxxxxxxxxxxxx >>>>>To: <programmingblind@xxxxxxxxxxxxx >>>>>Date sent: Mon, 23 Mar 2009 08:31:33 -0600 >>>>>Subject: Re: question about web email >>>>>a lot of it is just pop, yes. >>>>>There are also servers that just send email to mysql databases. >>>>>SSL is free, it's configured at the server level--you'll have to >>>> check with >>>>>your host. >>>>>You can generate your own certificate, but it does cost to get it >>>> signed. >>>>>If your using this professionally, you'll probably want to get it >>>> signed. >>>>>Thanks, >>>>>Tyler Littlefield >>>>>Web: tysdomain.com >>>>>email: tyler@xxxxxxxxxxxxx >>>>>My programs don't have bugs, they're called randomly added >>>> features. >>>>>----- Original Message ----- >>>>>From: "Alex Hall" <mehgcap@xxxxxxx >>>>>To: <programmingblind@xxxxxxxxxxxxx >>>>>Sent: Monday, March 23, 2009 8:30 AM >>>>>Subject: Re: question about web email >>>>>> You may not know, but is SSL free? How can I set this up; is it >>>> something >>>>>> you install on the server, something you run (like phpbb), or >>>> something >>>>>> you sign up for and route your traffic through? >>>>>> I did not know php had pop functions; is that all they do for >>>> web-based >>>>>> email sites? That is so much easier than I thought it would be! >>>> Thanks for >>>>>> the help. >>>>>> Have a great day, >>>>>> Alex >>>>>>> ----- Original Message ----- >>>>>>>From: "Tyler Littlefield" <tyler@xxxxxxxxxxxxx >>>>>>>To: <programmingblind@xxxxxxxxxxxxx >>>>>>>Date sent: Mon, 23 Mar 2009 08:13:12 -0600 >>>>>>>Subject: Re: question about web email >>>>>>>In order to encrypt you will need to use SSL. In order to access >>>>>> the >>>>>>>account, you can use php's pop functions. >>>>>>>Thanks, >>>>>>>Tyler Littlefield >>>>>>>Web: tysdomain.com >>>>>>>email: tyler@xxxxxxxxxxxxx >>>>>>>My programs don't have bugs, they're called randomly added >>>>>> features. >>>>>>>----- Original Message ----- >>>>>>>From: "Alex Hall" <mehgcap@xxxxxxx >>>>>>>To: <programmingblind@xxxxxxxxxxxxx >>>>>>>Sent: Monday, March 23, 2009 8:11 AM >>>>>>>Subject: question about web email >>>>>>>>I would like to have a web-based mail viewer for myself. How is >>>>>> this done? >>>>>>>>For example, how do sites like mail2web.com do it? Also, how >>>>>> could I secure >>>>>>>>the information going back and forth? I am using an account on >>>>>>>>ipowerweb.com for my server, btw. >>>>>>>> Have a great day, >>>>>>>> Alex >>>>>>>> __________ >>>>>>>> View the list's information and change your settings at >>>>>>>> //www.freelists.org/list/programmingblind >>>>>>>__________ >>>>>>>View the list's information and change your settings at >>>>>>>//www.freelists.org/list/programmingblind >>>>>> __________ >>>>>> View the list's information and change your settings at >>>>>> //www.freelists.org/list/programmingblind >>>>>__________ >>>>>View the list's information and change your settings at >>>>>//www.freelists.org/list/programmingblind >>>> __________ >>>> View the list's information and change your settings at >>>> //www.freelists.org/list/programmingblind >>>__________ >>>View the list's information and change your settings at >>>//www.freelists.org/list/programmingblind >> __________ >> View the list's information and change your settings at >> //www.freelists.org/list/programmingblind >__________ >View the list's information and change your settings at >//www.freelists.org/list/programmingblind __________ View the list's information and change your settings at //www.freelists.org/list/programmingblind __________ View the list's information and change your settings at //www.freelists.org/list/programmingblind