I had posted this on the RoundCube forums as well, but someone pointed out to me this (the mailing list) would be a better place for requesting new features.
If this isn't the proper place to request new features, please let me know (and accept my apologies).
I'm guessing that in most cases, RC is creating the wrong default identity for new users since it either uses $rcmail_config['default_host'] or virtusertable. In both cases the chances this actually creates a usable identity are slim. For several reasons.
So my request is to force a user to create a new identity the first time he logs in, or at least have him confirm the identity created by RC.
The way it is now not only utterly confuses a lot of users, but poses a serious security risk as well because if a user doesn't change his identity, it exposes information you really don't want exposed (especially when a mail domain is a virtual domain with virtual users. RC will actually expose the real server name and a real username -and this is a serious security risk).
Thanks in advance.
Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
List info: http://lists.roundcube.net/dev/
C P wrote:
I had posted this on the RoundCube forums as well, but someone pointed out to me this (the mailing list) would be a better place for requesting new features.
If this isn't the proper place to request new features, please let me know (and accept my apologies).
I'm guessing that in most cases, RC is creating the wrong default identity for new users since it either uses $rcmail_config['default_host'] or virtusertable. In both cases the chances this actually creates a usable identity are slim. For several reasons.
So my request is to force a user to create a new identity the first time he logs in, or at least have him confirm the identity created by RC.
The way it is now not only utterly confuses a lot of users, but poses a serious security risk as well because if a user doesn't change his identity, it exposes information you really don't want exposed (especially when a mail domain is a virtual domain with virtual users. RC will actually expose the real server name and a real username -and this is a serious security risk).
Thanks in advance.
Express yourself instantly with MSN Messenger! MSN Messenger
http://clk.atdmt.com/AVE/go/onm00200471ave/direct/01/
List info: http://lists.roundcube.net/dev/
Please use http://trac.roundcube.net to post this issue. It is really interesting.
Dennis P. Nikolaenko wrote:
C P wrote:
So my request is to force a user to create a new identity the first time he logs in, or at least have him confirm the identity created by RC.
Please use http://trac.roundcube.net to post this issue. It is really interesting.
There is a ticket for this already, but I do not know if it is currently closed or open. I wrote a patch a long time ago to force a user to the Identity screen upon first login. I'm not sure what happened to it, but I know someone else had looked at it just a month or two ago.
I'll see if I can dig it up anywhere. _______________________________________________ List info: http://lists.roundcube.net/dev/
Jim Pingle wrote:
Dennis P. Nikolaenko wrote:
C P wrote:
So my request is to force a user to create a new identity the first time he logs in, or at least have him confirm the identity created by RC.
Please use http://trac.roundcube.net to post this issue. It is really interesting.
There is a ticket for this already, but I do not know if it is currently closed or open. I wrote a patch a long time ago to force a user to the Identity screen upon first login. I'm not sure what happened to it, but I know someone else had looked at it just a month or two ago.
I'll see if I can dig it up anywhere.
Well that was easier to find than I had anticipated: http://trac.roundcube.net/ticket/1291605 _______________________________________________ List info: http://lists.roundcube.net/dev/
I'm very new to this whole "Trac" system as well as this mailing list. So I'm not sure how to create a new ticket for this. I saw the existing ticket and the problem was first reported 3 years ago and still hasn't been changed, making me believe the developers don't see the severity of the situation.
The existing ticket doesn't mention the security risks involved which is the main reason I want this feature implemented. If people send email around with wrong identities, that's a nuisance. But if they expose information that should never be exposed (like the servers they login to and the login names they use to do it), that's a serious security risk. So I would really like to open a new ticket for this and emphasize on the security. Problem is I haven't figured out yet how, so I will go through the website. But if someone can give me a nudge in the right direction, saving me some time in the process, that would be greatly appreciated. ;)
Jim Pingle wrote:
Dennis P. Nikolaenko wrote:
C P wrote:
So my request is to force a user to create a new identity the first time he logs in, or at least have him confirm the identity created by RC.
Please use http://trac.roundcube.net to post this issue. It is really interesting.
There is a ticket for this already, but I do not know if it is currently closed or open. I wrote a patch a long time ago to force a user to the Identity screen upon first login. I'm not sure what happened to it, but I know someone else had looked at it just a month or two ago.
I'll see if I can dig it up anywhere.
Well that was easier to find than I had anticipated: http://trac.roundcube.net/ticket/1291605
Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
List info: http://lists.roundcube.net/dev/
C P wrote:
I'm very new to this whole "Trac" system as well as this mailing list. So I'm not sure how to create a new ticket for this. I saw the existing ticket and the problem was first reported 3 years ago and still hasn't been changed, making me believe the developers don't see the severity of the situation.
The existing ticket doesn't mention the security risks involved which is the main reason I want this feature implemented. If people send email around with wrong identities, that's a nuisance. But if they expose information that should never be exposed (like the servers they login to and the login names they use to do it), that's a serious security risk. So I would really like to open a new ticket for this and emphasize on the security. Problem is I haven't figured out yet how, so I will go through the website. But if someone can give me a nudge in the right direction, saving me some time in the process, that would be greatly appreciated. ;)
Create yourself an account by registering. Use "Register" link under the search field at trac.roundcube.net and then login and add your comments to the ticket.
But the active ticket is filed under "Patches". Wouldn't it be better to create a new ticket under "Feature Requests" or "Bugs" even? Or wouldn't that matter? (like I said, I'm new to this whole ticket system)
Create yourself an account by registering. Use "Register" link under the search field at trac.roundcube.net and then login and add your comments to the ticket.
Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
List info: http://lists.roundcube.net/dev/
C P wrote:
But the active ticket is filed under "Patches". Wouldn't it be better to create a new ticket under "Feature Requests" or "Bugs" even? Or wouldn't that matter? (like I said, I'm new to this whole ticket system)
Create yourself an account by registering. Use "Register" link under
the
search field at trac.roundcube.net and then login and add your comments to the ticket.
Better add your comments to existing ticket. Your new ticket is likely to be closed as DUPLICATE.