Hello,
will there be a version without AES? I am not going to install mcrypt PHP-extension just for using this module.
Greetings, XerraX

Comments

preventingchaos’s picture

Sorry for taking so long to respond...I think I need to find someone else to take over these projects...I haven't had time to mess with them, and have lost my momentum and interest on them.

I suppose it would be good to make the AES module optional, for occasions where people don't consider it necessary.

The reason I was using the AES module was for temporarily storing the users email password in the database in an encrypted form that can be decrypted whenever the mail server needs to be accessed. Obviously it's not completely secure in that fashion, but it's a little better than not encrypting it at all, so a database compromise can reveal all the email account passwords. The emails are only stored while the user is logged in, though. When the user logs out, the email account password is cleared. One thing I don't think I setup was for when a person leaves the site without actually logging out, which will end up leaving the password (still in encrypted form) in the database until after they actually go through the logout process.

If I get back into the code, I will change it so if the AES module is installed, you can enable/disable the encryption capabilities.

preventingchaos’s picture

Version: 5.x-2.0-beta1 »
Assigned: Unassigned » preventingchaos
Status: Active » Fixed

I am working on Mail API from scratch for Drupal 6, and it does not require the AES module. I will consider backporting the module to Drupal 5 once the rewrite is finished, if there's demand for it...I don't know how long it will be before it gets to that point, but there's been healthy progress since I've started the rewrite last week, so hopefully it doesn't take long.

Anonymous’s picture

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.