[issue21935] Implement AUTH command in smtpd.
Martin v. Löwis
report at bugs.python.org
Thu Jul 17 10:31:39 CEST 2014
Martin v. Löwis added the comment:
RFC 4954 states
Note: A server implementation MUST implement a configuration in which
it does NOT permit any plaintext password mechanisms, unless either
the STARTTLS [SMTP-TLS] command has been negotiated or some other
mechanism that protects the session from password snooping has been
provided. Server sites SHOULD NOT use any configuration which
permits a plaintext password mechanism without such a protection
mechanism against password snooping.
So I'm -1 on this patch, and also on the feature until STARTTLS is implemented (and then this patch needs to be updated to conform to this requirement).
----------
nosy: +loewis
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue21935>
_______________________________________
More information about the Python-bugs-list
mailing list