RE: question about web email

  • From: "DaShiell, Jude T. CIV NAVAIR 1490, 1, 26" <jude.dashiell@xxxxxxxx>
  • To: <programmingblind@xxxxxxxxxxxxx>
  • Date: Mon, 23 Mar 2009 11:33:25 -0400

Webmail is wide open to virus attack and is actively being attacked as
just another vector into personal computers.  Some organizations have
disabled access to webmail entirely for this reason.  In the light of
that consideration, a separate network connecting only the webmail
computer with no ability to jump to other computers you may have would
be a good idea.  Encryption doesn't buy very much since attack code will
be installed on server sites a personal computer connects to and web
hijacking is a popular form of attack to grab computers connecting to
the web; pull them over onto malware sites, then infect those computers.
There's even an attack against ssl that depends on a user waiting for
the site they've connected to redirecting them to a secure web page but
what actually happens during the attack is a user gets hijacked and
taken to another site not intended by the original web site developer.
One defense against such activity is a revision control system used
properly by a web site owner to compare current web site with archived
and known safe web site contents.  It gives the web site owner the
ability to force a reversion back to known safe content for their web
site.  Of course, setting web site permissions correctly is important
too.  More easily done on Linux than Windows since a wider variety of
attributes exists.



Rot47: <;F56]52D9:6==@?2GJ]>:=>
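
The comparison-and-reversion defense described in the reply above, as an added example that is not part of the original post. A plain directory of archived known-safe files stands in for a revision control checkout; the function names, paths and sample pages are assumptions constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def manifest(root: Path) -> dict[str, str]:
    """Map each file path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def drift(archive: Path, live: Path) -> dict[str, list[str]]:
    """Report how the live site differs from the known-safe archive."""
    good, now = manifest(archive), manifest(live)
    return {
        "modified": sorted(f for f in good.keys() & now.keys() if good[f] != now[f]),
        "added": sorted(now.keys() - good.keys()),
        "removed": sorted(good.keys() - now.keys()),
    }

def revert(archive: Path, live: Path) -> None:
    """Force the live site back to the archived, known-safe content."""
    report = drift(archive, live)
    for rel in report["added"]:            # files the archive never contained
        (live / rel).unlink()
    for rel in report["modified"] + report["removed"]:
        dest = live / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(archive / rel, dest)  # restore the archived copy

def demo() -> tuple[dict, dict]:
    """Constructed sample: a two-page site with one altered page and one stray file."""
    with tempfile.TemporaryDirectory() as tmp:
        archive, live = Path(tmp, "archive"), Path(tmp, "live")
        archive.mkdir()
        (archive / "index.html").write_text("<a href='/login'>Log in</a>\n")
        (archive / "login.html").write_text("<form method='post'></form>\n")
        shutil.copytree(archive, live)
        # Simulated tampering (constructed): changed page plus an unexpected file
        (live / "index.html").write_text("<!-- content changed after deploy -->\n")
        (live / "extra.js").write_text("// not in the archive\n")
        before = drift(archive, live)
        revert(archive, live)
        return before, drift(archive, live)

if __name__ == "__main__":
    before, after = demo()
    print("before revert:", before)
    print("after revert: ", after)
```

The archive copy must live somewhere the web server account cannot write, otherwise the baseline can be altered along with the site.
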
-----Original Message-----
From: programmingblind-bounce@xxxxxxxxxxxxx
[mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of Alex Hall
Sent: Monday, March 23, 2009 11:11
To: programmingblind@xxxxxxxxxxxxx
Subject: Re: question about web email

Ok, I was hoping to avoid that annoying dialog that would keep coming up
with its dire warnings about the certificate not being signed and this
could potentially blow up my computer.  Still, it is a small price to
pay for securing passwords and email, and sure is better than $400.  Is
it possible, if a user is logged in automatically, for the user to only
accept the dialog once (the first login)?

Have a great day,
Alex

> ----- Original Message -----
>From: "Tyler Littlefield" <tyler@xxxxxxxxxxxxx
>To: <programmingblind@xxxxxxxxxxxxx
>Date sent: Mon, 23 Mar 2009 09:06:28 -0600
>Subject: Re: question about web email

>it's quite expensive, like $400 last I checked I think, possibly more.
>and none that I know of, ssl is the encrypted form of http, but you don't
>need to get it signed if it's not professional.


>Thanks,
>Tyler Littlefield
>Web: tysdomain.com
>email: tyler@xxxxxxxxxxxxx
>My programs don't have bugs, they're called randomly added features.

>----- Original Message -----
>From: "Alex Hall" <mehgcap@xxxxxxx
>To: <programmingblind@xxxxxxxxxxxxx
>Sent: Monday, March 23, 2009 9:05 AM
>Subject: Re: question about web email


>> Hmmm...  How much is it to sign, and is there a way of doing it with no
>> certificate? Sorry for the basic questions, but I took a web programming
>> course last semester that did a lot, but nothing on security.  I was
>> interested in web development stuff before that course but I just never
>> got around to looking up security and encryption.

>> Have a great day,
>> Alex

>>> ----- Original Message -----
>>>From: "Tyler Littlefield" <tyler@xxxxxxxxxxxxx
>>>To: <programmingblind@xxxxxxxxxxxxx
>>>Date sent: Mon, 23 Mar 2009 08:45:38 -0600
>>>Subject: Re: question about web email

>>>you won't need to sign it then, but you'll always have to accept the cert if
>>>it's not signed.


>>>Thanks,
>>>Tyler Littlefield
>>>Web: tysdomain.com
>>>email: tyler@xxxxxxxxxxxxx
>>>My programs don't have bugs, they're called randomly added features.

>>>----- Original Message -----
>>>From: "Alex Hall" <mehgcap@xxxxxxx
>>>To: <programmingblind@xxxxxxxxxxxxx
>>>Sent: Monday, March 23, 2009 8:37 AM
>>>Subject: Re: question about web email


>>>> No, just for my own use and, possibly, several other users, but I can
>>>> definitely say not more than 50 users, most likely not even a quarter of
>>>> that.

>>>> Have a great day,
>>>> Alex

>>>>> ----- Original Message -----
>>>>>From: "Tyler Littlefield" <tyler@xxxxxxxxxxxxx
>>>>>To: <programmingblind@xxxxxxxxxxxxx
>>>>>Date sent: Mon, 23 Mar 2009 08:31:33 -0600
>>>>>Subject: Re: question about web email

>>>>>a lot of it is just pop, yes.
>>>>>There are also servers that just send email to mysql databases.
>>>>>SSL is free, it's configured at the server level--you'll have to check with
>>>>>your host.
>>>>>You can generate your own certificate, but it does cost to get it signed.
>>>>>If you're using this professionally, you'll probably want to get it signed.


>>>>>Thanks,
>>>>>Tyler Littlefield
>>>>>Web: tysdomain.com
>>>>>email: tyler@xxxxxxxxxxxxx
>>>>>My programs don't have bugs, they're called randomly added features.

>>>>>----- Original Message -----
>>>>>From: "Alex Hall" <mehgcap@xxxxxxx
>>>>>To: <programmingblind@xxxxxxxxxxxxx
>>>>>Sent: Monday, March 23, 2009 8:30 AM
>>>>>Subject: Re: question about web email


>>>>>> You may not know, but is SSL free? How can I set this up; is it something
>>>>>> you install on the server, something you run (like phpbb), or something
>>>>>> you sign up for and route your traffic through?
>>>>>> I did not know php had pop functions; is that all they do for web-based
>>>>>> email sites? That is so much easier than I thought it would be! Thanks for
>>>>>> the help.

>>>>>> Have a great day,
>>>>>> Alex

>>>>>>> ----- Original Message -----
>>>>>>>From: "Tyler Littlefield" <tyler@xxxxxxxxxxxxx
>>>>>>>To: <programmingblind@xxxxxxxxxxxxx
>>>>>>>Date sent: Mon, 23 Mar 2009 08:13:12 -0600
>>>>>>>Subject: Re: question about web email

>>>>>>>In order to encrypt you will need to use SSL.  In order to access the
>>>>>>>account, you can use php's pop functions.


>>>>>>>Thanks,
>>>>>>>Tyler Littlefield
>>>>>>>Web: tysdomain.com
>>>>>>>email: tyler@xxxxxxxxxxxxx
>>>>>>>My programs don't have bugs, they're called randomly added features.

>>>>>>>----- Original Message -----
>>>>>>>From: "Alex Hall" <mehgcap@xxxxxxx
>>>>>>>To: <programmingblind@xxxxxxxxxxxxx
>>>>>>>Sent: Monday, March 23, 2009 8:11 AM
>>>>>>>Subject: question about web email


>>>>>>>>I would like to have a web-based mail viewer for myself.  How is this done?
>>>>>>>>For example, how do sites like mail2web.com do it? Also, how could I secure
>>>>>>>>the information going back and forth? I am using an account on
>>>>>>>>ipowerweb.com for my server, btw.

>>>>>>>> Have a great day,
>>>>>>>> Alex
>>>>>>>> __________
>>>>>>>> View the list's information and change your settings at
>>>>>>>> //www.freelists.org/list/programmingblind

