Quote:
Originally Posted by JeremyNicoll
So ... IIUC you're saying that an https: connection to a webmail session (which internally uses IMAP to talk to the backend servers) is "secure" but an external client talking directly to the server over a secured (TLS or whatever) connection isn't?
Why do you think that?
What /specifically/ are the "possible security problems"?
|
A webmail client implemented correctly as an IMAP client would communicate with the IMAP server either over an internal network, or else over a secure connection. Of course you have to trust whoever runs the service.