I have developed an interface to dovecot IMAP server using 'PHP IMAP' library. I wanted this interface to be standalone and thus it might have deployed outside the mail server. I used to test the code with hard coded passwords and now I have the problem of handling authentication process in real scenario.
1) Since I use 'PHP IMAP' library, I have to open connection to the IMAP server using imap_open() and thus I must give the credentials to the API to work right? There is no other token base authentication which could used instead?
2) So in this case, I could get credentials from user, and then validate it with IMAP server and then keep it within the memory for further usages till the session expires right? Is this safe? Is there any other mechanism I could deploy to make it secure. Is it possible to do without saving the credentials for API consumption?
Thank you.
Aucun commentaire:
Enregistrer un commentaire