Kari I appreciate your response and hope you understand that my viewpoint is in no way a personal attack towards you, just ideas on how I think RC should develop. I understand your concerns of supporting your clients, and how "other" webmail solutions provide password changing - however I don't think RC should have a feature just because others do. My feeling is there's a lot more important core things that need to be addressed, while there are secure web-based passwd changing utilities out there.
http://www.unicom.com/sw/web-chpass/ http://changepassword.sourceforge.net/ http://www.wagemakers.be/english/programs/cgipaf http://freshmeat.net/projects/cypr/
If I were you I'd grab one of those, (this one looks the simplest and most complete: http://changepassword.sourceforge.net/img1.jpg) get it working, copy the code out of the working page, copy RC's login page, rework it with the passwd-changing code - then create a link under 'Personal Settings' to point to your new page. That would solve your concerns of user experience, as well as security. Then you could release it as a patch or plugin for others to try.
I'm in complete agreement that other wemail projects (openwebmail and squirrelmail) has suffered from way too many plugin options, but I approve of how none of them are included in the default install (squirrelmail), they're all option and they change in response to the project - the project doesn't change in response to the plugins.
P
On Fri, 09 Dec 2005 10:22:54 +0200, Kari Päivärinta kari.paivarinta@vtoasp.net wrote:
I have to say, I don't think that it would be very userfriendly for our customers to have a second separate systems just to change password. "I'm having this great myrandommail.com account which has excellent webmail, but if I want to change my password once a year I have to go to some other passwd.myrandommail.com-site and there I can change my password."
OK, it's not a pure mail client feature, but as webmail for some cases is the only client to access mail it wouldn't do harm if it included the password change option. For example I have mail accounts for my family (yes, grandma too), friends and so on.. I don't want to teach each of them aging from 13 to 80(?) how to use SSH to just change their webmail password. Neither do I see that it would be a good solution for them or to me as an administrator to set up Webmin (or likes) complicated gizmos for such a (seamingly) simple task. And let me quote you here: "I wouldn't trust it to be secure.".
After posting this request I thought more of it and remembered that as RC is using IMAP to connect perhaps remote mailservers there isn't allways the connection to server itself on any other level than IMAP. This makes the password feature seem to be quite obsolete and far fetched to build in this remote mail client. But on the other hand I see the usage just like all my webmail installations where the webmail is running even on the mailserver itself. And I tend to think that more often the system is being used to access "local" mail than remote.
Against these thoughts I find your comment "not a full fledged web/server/email/smtp/spam/virus implementation" a bit unfair as I'm just querying for an obvious and rather (seamingly) simple feature for a system that is going to be the only boundary between my systems (which are taking care of webserver, smtp, spam and virus etc.) and the users who just want to read their email and once a year (atleast, I hope) to change their password. It's shouldn't be an "admin feature" to change your own personal password.
So webmail will be their only system, I'm not going to use any other "webmins". I just wish that it could be somehow implemented within the webmail and if it's not going to be "mainstream" I can make my own modifications there - no problem. I've just learned to keep my own mods as few as possible with openwebmail which is the system I now want to replace because with the quantity of mods I need to be doing there practically disables future updates.
So far RC is very promising and I just love the simplicity of it (versus the few thousand insignificant options of openwebmail that it's trying to thow at simple users face). It's just lacking the password changing feature to get being used for all my noncommercial users. And by the way it's implemented I don't even expect it from it but it would certainly be a bonus.
RC <3
-- Kari
PS: Sorry. :)
phil wrote:
On Thu, 8 Dec 2005 17:16:34 +0000, Craig Webster craig@xeriom.net
wrote:
Hi Kari P?iv?rinta, On Thu, Dec 08, 2005 at 02:09:34PM +0200 you wrote something like:
Could it be possible to build a change password feature to the RoundCube? I have users who don't have (or never will have) shell access so this is the single most important feature needed to change my RounCube to my primary webmail.
I have to say, I don't think that a mail client should have access to change the passwords; it produces an awful lot of dependencies on the
I'm totally in agreement with this, Roundcubemail is supposed to be a
webmail client, not a full fledged web/server/email/smtp/spam/virus implementation, something that Novell's Hula is supposed to be; it's a webmail client, and the best one out there yet IMHO. Look at the about page: http://www.roundcube.net/?p=about there's nothing on there that says it wants to be anything more, and I for one hope that doesn't change, the focus should be on useabilty and functionality within a client webmail realm; not OS level functions. If you want/need to change user passwords, I'd recomment something like Webmin - or some homegrown password change webpage, though I wouldn't trust it to be secure. I dont' think Roundcube is ready to jump into any Corp environments, so I don't see a need to do anything beyond that yet. I would hope in the future that they're be a sep project, an admin gateway that would compliment Roundcube - but again, with all the backends being so disparate, who k
nows how many functions it would have to cover. Again, I don't want
those admin features in a web client, but would see it being a sep/complimentary project.
P
http://fak3r.com - you don't have to kick it
-- http://fak3r.com - you don't have to kick it