Message213510
To expand on that point a little: in the past, I could happily use the SMTP_SSL class (say) without thinking about certificates or server hostname verification, or pretty much of anything. This produced no verification, of course, which is the problem we are trying to solve. So we should have recipes *somewhere* in the docs that show how to use these facilities securely. It isn't obvious what the default security level currently is. |
|
Date |
User |
Action |
Args |
2014-03-14 01:48:01 | r.david.murray | set | recipients:
+ r.david.murray, loewis, rhettinger, pitrou, vstinner, christian.heimes, ezio.melotti |
2014-03-14 01:48:01 | r.david.murray | set | messageid: <1394761681.48.0.0368871951763.issue20913@psf.upfronthosting.co.za> |
2014-03-14 01:48:01 | r.david.murray | link | issue20913 messages |
2014-03-14 01:48:00 | r.david.murray | create | |
|