One who cares so much about security should not use an address book, nor web-mail.
There's really no security concern here.
Regards, D.
till wrote:
On Tue, Oct 28, 2008 at 3:57 PM, Michael Baierl mail@mbaierl.com wrote:

> Ok, now I verified the issue - all contacts are shown in a JavaScript section of the page when a new mail is composed - this is not very smart for two reasons. One has already been outlined - security - but the other one is even more important - performance.

Again, YOUR contacts show in the HTML source and you talk about security? Or am I misunderstanding an issue here?

> Imagine there are 500 contacts in the database - all of those will be transferred whenever a mail is composed, which is not needed. Instead the auto-completion should use an AJAX request back to the server and not search on the client side. Yeah, it will be a bit slower for the end user to get suggestions on autocompletion, but the overall page will load way faster!

No, it's easier and less expensive to pull it once and so to speak "cache" them in the source code/client side and perform the auto-complete without a server request. Otherwise it will be slower and more expensive as you hit the database or your LDAP directory for every key-event.

> Any plans to fix this in the next Roundcube release?

As far as I can see, there is no bug here and nothing to be fixed.
Till

_______________________________________________
List info: http://lists.roundcube.net/dev/