How can I avoid sending my password en clair?
Depending on what your mail server you are talking to, this ranges from trivial to impossible. It may even be next to useless. Most people use fetchmail over phone wires (whether plain old copper or DSL), which are hard to tap. Anybody with the skill and resources to do this could get into your server mailbox with much less effort by subverting the server host. So if your provider setup is phone-company wire going straight into a service box, you probably don’t need to worry. In general there is little point in trying to secure your fetchmail transaction unless you trust the security of the server host you are retrieving mail from. Your vulnerability is more likely to be an insecure local network on the server end (e.g. to somebody with a TCP/IP packet sniffer intercepting Ethernet traffic between the modem concentrator or DSL POP you dial in to and the mailserver host). Having realized this, you need to ask whether password encryption alone will really address your security exposure.
Related Questions
- I do not want to give the database password to people who are simply viewing reports with cView. How do I avoid giving it out, without losing functionality?
- How can I avoid having to enter my VPN username and password whenever connecting to my VPN with OpenVPN?
- How can I avoid sending my password en clair?
