So I’ve been toying around with the idea of a replacement HTTPMail server for Outlook Express for a while.
For anyone not in the know, HTTPMail was an HTTP-based Hotmail gateway utilizing WebDAV, and was implemented for Outlook Express to supply Hotmail users with an easy way to get their Hotmail accounts linked onto the mail client without extra SMTP server setup.
Initially, I had followed this documentation, considering that almost all documentation for HTTPMail is scarce, but because the structure of how the authentication process worked was kind of confusing, I decided to lay off the project.
Today, I randomly decided to see if the HTTPMail server was still fruitful, and ended up realizing that the authentication was fully described in an IETF document regarding now-insecure HTTP authentication methods. It seems that there were two types of authentication methods supplied: Basic and Digest.
Basic authentication actually involves the most risky method of authentication: supplying the username and cleartext password encoded in Base64, which can open you up to even the most script-kiddish of hackers entering into your account nowadays, while Digest authentication involves a somewhat more plausible, but still insecure method of authentication: MD5 hashing a concatenation of the username, password, a nonce specified by the server, the HTTP method used, and the requested URI.
Only focusing on the Digest authentication, I was about to quickly abandon the project, considering that the server needs the username and password to intertwine Outlook.com and introduce email services to the email client utilizing HTTPMail. Then I became aware of the Basic authentication method after reading a bit of the RFC, and although it is extremely flawed, I felt it would be worth it to implement it onto the server, also considering that I now don’t plan for this to be an actual public service (Oh my, no).
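To make the difference between the two schemes concrete, here is an added Python example (not code from this project) that decodes a Basic header back into the cleartext credentials and computes a Digest response as defined in RFC 2617, which also mixes the realm into the hash. The function names are hypothetical and the sample values are the well-known RFC examples, not traffic captured from Outlook Express.

```python
import base64
import hashlib
import hmac


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def parse_basic(header: str) -> tuple[str, str]:
    """Recover (username, password) from an 'Authorization: Basic ...' value."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic Authorization header")
    decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    # Split on the first ':' only, since the password itself may contain colons.
    username, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' separator in credentials")
    return username, password


def digest_response(username, realm, password, method, uri, nonce,
                    nc=None, cnonce=None, qop=None) -> str:
    """Client-side Digest 'response' value as defined in RFC 2617."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    if qop:
        return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def verify_digest(received: str, known_password: str, **fields) -> bool:
    """A server can only check a Digest response if it already holds the password."""
    expected = digest_response(password=known_password, **fields)
    return hmac.compare_digest(expected, received)


if __name__ == "__main__":
    # Sample values from the RFC examples (assumed inputs for illustration).
    print(parse_basic("Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="))
    fields = dict(username="Mufasa", realm="testrealm@host.com", method="GET",
                  uri="/dir/index.html", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
                  nc="00000001", cnonce="0a4f113b", qop="auth")
    print(digest_response(password="Circle Of Life", **fields))
```

With Basic, the gateway ends up holding the password itself; with Digest it only ever sees a one-way hash, which it can verify but never turn back into a credential to use upstream.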
After getting yet another aiohttp server in Python set up and hooking up OE 5.5 on a Windows 98 VM of mine to connect to my local server, it can authenticate with Basic. Now all I have to do is get the intertwining stuff finished and refine things in the backend, and it’s all good to go.
Now if I could just figure out how I can get a proper DeltaSync server running…