We have about 1500 contacts and we didn't have any problems with performance at all. Maybe because all our clients have good Internet connection. I don't see this as a bug or issue, sorry if it sounded like this.
According to our company's police, we should discourage any kind of mass email (avoiding is impossible), and this modification would be interesting in that aspect. I solved my problem already, because it's open source, but I think it would be useful for someone else too, so my suggestion. I don't see a security problem here, but a policy compliance.
I think that if Roundcube aims to be used in Business this would be a nice feature. See for example, the Outlook Web Access, that is well accepted in the market. It doesn't have the contacts in the compose page (neither autocompletion ). Personally, I think that Roundcube is much better than OWA, though.
Jonathan Araújo Administrador de Infra-estrutura de TI Gerência de TI - INDG S.A.
-----Mensagem original----- De: dev-bounces+jonathanneto=indg.com.br@lists.roundcube.net [mailto:dev-bounces+jonathanneto=indg.com.br@lists.roundcube.net] Em nome de Michael Baierl Enviada em: terça-feira, 28 de outubro de 2008 12:27 Para: RoundCube Dev Assunto: Re: [RCD] RES: RES: Contacts gettiong exposed on html
till wrote:
Again, YOUR contacts show in the html source and you talk about security? Or am I mis-understanding an issue here.
I did not bring up the security issue nor did I test what happens in case of an LDAP directory.
No, it's easier and less expensive to pull it once and so to speak "cache" them in the source code/clientside and perform the auto-complete without a server request. Otherwise it will be slower and more expensive as you hit the database or your LDAP directory for every key-event.
So every time I compose a new mail all my 500 (imagine 1000 or 5000 contacts!) are downloaded to the client... instead of just my girlfriends contact via AJAX whom I want to send a mail to. Not very efficient on slow connections!
Mike