I don't understand, is your entire addressbook "exposed", or just the user's contacts?
The common LDAP addressbook is "exposed" at the compose page code. There's no problem of one user reading the contacts of someone else.
Also, if a user has access to your addressbook, isn't there a certain level of trust already?
Yes, there's some level trust. All my users can send emails to each other, placing the desired contacts in the "to:", "bcc:" or "cc:" fields.
What I'm wanting to avoid is that someone just "right click" on the compose page and "show source code". Then, copy all contacts, and past it at "bcc:", for sending spam for all other users.
He would have to hack the HTML page and open another .js file or create a script for getting it with an ajax page. That is, I want get things harder for dummy users wishing to send spam mail.
Thanks a lot for your help
Jonathan Araújo Administrador de Infra-estrutura de TI Gerência de TI - INDG S.A.
Este documento pode incluir informação confidencial e de propriedade restrita do Instituto de Desenvolvimento Gerencial-INDG e apenas pode ser lido por aquele(s) a quem sido endereçado. Se você recebeu esta mensagem de e-mail indevidamente, por favor avise-nos imediatamente. Quaisquer opiniões ou informações contidas neste e-mail pertencem ao seu remetente e não necessariamente coincidem com as do Instituto de Desenvolvimento Gerencial-INDG. Este documento não pode ser reproduzido, copiado, distribuído, publicado ou modificado por terceiros, sem a prévia autorização por escrito do Instituto de Desenvolvimento Gerencial-INDG.
This document may include proprietary and confidential information of Instituto de Desenvolvimento Gerencial-INDG, and may only be read by those persons to whom it is addressed. If you have received this e-mail message in error, please notify us immediately. Any views or opinions expressed in this e-mail are those of the sender and do not necessarily coincide with those of the Instituto de Desenvolvimento Gerencial - INDG. This document may not be reproduced, copied, distributed, published, modified or furnished to third parties, without the prior written consent of Instituto de Desenvolvimento Gerencial-INDG.
List info: http://lists.roundcube.net/dev/