From c6abdc8f230c483410a40f621bfca73433eb1fb0 Mon Sep 17 00:00:00 2001
From: mguessan <mguessan@3d1905a2-6b24-0410-a738-b14d5a86fcbd>
Date: Wed, 20 Jan 2010 22:24:45 +0000
Subject: [PATCH] Doc: add a security section in the FAQ

git-svn-id: http://svn.code.sf.net/p/davmail/code/trunk@922 3d1905a2-6b24-0410-a738-b14d5a86fcbd
---
 src/site/xdoc/faq.xml | 34 +++++++++++++++++++++++++++++++---
 1 file changed, 31 insertions(+), 3 deletions(-)

diff --git a/src/site/xdoc/faq.xml b/src/site/xdoc/faq.xml
index df988db7..b5b5e318 100644
--- a/src/site/xdoc/faq.xml
+++ b/src/site/xdoc/faq.xml
@@ -69,9 +69,37 @@
                 <p>
                     <strong>Is Exchange 2010 supported ?</strong>
                 </p>
-                <p>Currently, the answer is no. As Microsoft decided to drop WebDav support in Exchange 2010, DavMail will
-                not work with this new version. New Exchange Web Service support compatible with Exchange 2010 is in the
-                roadmap, but not yet available.</p>
+                <p>Currently, the answer is no. As Microsoft decided to drop WebDav support in Exchange 2010, DavMail
+                    will
+                    not work with this new version. New Exchange Web Service support compatible with Exchange 2010 is in
+                    the
+                    roadmap, but not yet available.
+                </p>
+            </subsection>
+
+            <subsection name="Security">
+                <p>
+                    <strong>How do I secure DavMail connections ?</strong>
+                </p>
+                <p>Communication between DavMail and you Exchange server is secured by default as long as you access
+                    OWA over HTTPS. Communication between the messaging client and DavMail is <em>not</em> secured by
+                    default. This is not an issue in standalone mode as all communication is local, but you may want
+                    to improve this in server (shared) mode. This is quite simple: you just need to get a server
+                    certificate in PKCS12 or JKS format and add it in the key store section in DavMail settings,
+                    see <a href="gettingstarted.html">Getting started</a>. You need to choose the key store type in
+                    davmail.ssl.keystoreType: PKCS12 for .p12 file and JKS for java generated key stores. Then set the full
+                    path to your certificate file in davmail.ssl.keystoreFile and the certificate file password in
+                    davmail.ssl.keystorePass. You may also have a key password in addition to the file password, specify it
+                    in davmail.ssl.keyPass.
+                    This will switch all DavMail services to SSL mode: POP3S/IMAPS/SMTPS/HTTPS/LDAPS.
+                </p>
+
+                <p>
+                    <strong>Are my credentials safe ?</strong>
+                </p>
+                <p>DavMail does not store Exchange username and password, they are provided by the messaging client over
+                    IMAP, HTTP, POP, SMTP or LDAP
+                </p>
             </subsection>
 
             <subsection name="Caldav (calendar)">