On Thu, 21 Oct 2010 19:23:10 +0300, Rimas Kudelis wrote:

Hi,

2010.10.21 18:55, pete rašė:
I agree with Cor, the main reason i use Roundcube is the active maintained
codebase and a healthy attitude towards privacy and security. For my 2
cents, security should have to be the deafult and users can opt out. If you
develop unsafe defaults, many will use  as-is.

Yeah, except they can't even opt in right now, without using third-party 
code.

Don't get me wrong: I do like sane security measures, but not always the 
goal justifies the measures. In this case, I see this absolute inability 
to save password as an annoyance.

Agreed. It would be nice to at least let autocomplete save the username, and let the user decide whether to save the password or not using the browser's features (Not Now, Never, etc.).

Then also, consider the fact that the same user is quite likely to use
the same password elsewhere (e.g. facebook, which coincidently uses
email address as the user name), which in my eyes makes this security
measure even weaker. And you can't expect the user to use different
passwords everywhere until this becomes convenient enough (as in type
once, save for later, synchronize between desktops).

Rimas
_______________________________________________
List info: http://lists.roundcube.net/dev/
BT/b28e7101