On 05/09/15 19:54, AC wrote: > Until this thread I didn't know that the
> password is base64 encoded in the AUTH PLAIN debug output (before it's
> printed as plain text in $auth3 otherwise). I assumed it was a hashed
> string so I didn't expect it to match every time.
Because of this, restricting plaintext auth methods to encrypted
connections is a good move.
--
Cheers,
Jeremy