On Thu, 21 Oct 2010 19:23:10 +0300, Rimas Kudelis wrote:
Hi,
2010.10.21 18:55, pete rašė:
I agree with Cor, the main reason i use
Roundcube is the active maintained
codebase and a healthy attitude
towards privacy and security. For my 2
cents, security should have to
be the deafult and users can opt out. If you
develop unsafe defaults,
many will use as-is.
Yeah, except they can't even opt in right now,
without using third-party
code.
Don't get me wrong: I do like
sane security measures, but not always the
goal justifies the
measures. In this case, I see this absolute inability
to save
password as an annoyance.
Agreed. It would be nice to at least let autocomplete save the username, and let the user decide whether to save the password or not using the browser's features (Not Now, Never, etc.).
Then also, consider the fact that the same user is quite
likely to use
the same password elsewhere (e.g. facebook, which
coincidently uses
email address as the user name), which in my eyes
makes this security
measure even weaker. And you can't expect the
user to use different
passwords everywhere until this becomes
convenient enough (as in type
once, save for later, synchronize
between desktops).
Rimas
List info:
http://lists.roundcube.net/dev/ [1]
BT/b28e7101
Links:
[1] http://lists.roundcube.net/dev/
List info: http://lists.roundcube.net/dev/ BT/aba52c80