Security risk of POP3 & IMAP protocols
Peter A. Friend
octavian at corp.earthlink.net
Thu Feb 12 18:17:00 EST 2009
On Feb 12, 2009, at 2:49 PM, Jason Voorhees wrote:
> Hi people:
>
> A friend of mine is asking me about security risks of using IMAP &
> POP3 protocols. Why? Because a sales person told my friend that IMAP
> protocol is less secure than POP3 protocol. This assumption is not
> related to Cyrus IMAP, instead is related only to the protocols.
> I'm searching at Google something about POP3 & IMAP security but I'm
> not pretty sure about comments I can found in forums or other sites.
>
> Does anybody here know anything about security risk of these
> protocols? Is it true that one of them is less secure than the other
> one?
>
I suppose that depends on one's definition of "security". There are
secure authentication mechanisms available for both protocols, and you
can use TLS. The more complex an application is the more opportunity
there is for programmers to make mistakes or not properly validate
inputs. Since IMAP is vastly more complicated that POP in it's
operation, one could argue that an IMAP implementation is more likely
to have exploitable bugs.
Peter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20090212/f985bf96/attachment.html
More information about the Info-cyrus
mailing list