Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

PLAIN authentication over SSL/TLS

Tags:

authentication

If I'm connecting to a mail server over SSL or TLS but using PLAIN authentication, is that secure?

like image 803
Alex Bliskovsky Avatar asked May 11 '26 19:05

Alex Bliskovsky

1 Answers

Since the SSL/TLS connection is already encrypted, sending the password as PLAIN text doesn't hurt anything. You could encrypt the password as well, but then you're just double encrypting it. In most cases, I would consider that superfluous.

One case I can think of where you would use something other than PLAIN over SSL/TLS is if you choose to authenticate with certificates instead of passwords. Otherwise, I'd leave it at PLAIN.

like image 131
kitti Avatar answered May 15 '26 06:05

kitti
Sign in to Comment

Related questions

Show a page only if user is signed in? Ruby/Devise
Set a property on window with cypress
Error: React Context is unavailable in Server Components
Synchronization between SQLite and Firebase database, when users are offline data stored in sqlite and when online data gets stored on firebase
Best practice to authenticate an ashx request
How to validate user session on every page
How to differentiate the first time registered and regular logged in user in django
Firebase authentication with custom backend
authenticating users / socket io
VSCode "Writing login information to the keychain failed with error 'UNIX[No such file or directory]'."

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!