How to config roundcube save the login id & password? can i do that?
I want roundcube save the login id & password, so i do not need re-type it every time when i login.
Please help and thank you. _______________________________________________ List info: http://lists.roundcube.net/dev/ BT/aba52c80
2010.10.21 14:39, John Wong ras(e.:
How to config roundcube save the login id& password? can i do that?
I want roundcube save the login id& password, so i do not need re-type it every time when i login.
Please help and thank you.
Hmm, indeed -- why do we have autocomplete=off in the login form? We're not making a banking application.
Abuse of the autocomplete=off attribute on the web is indeed annoying. I would have noticed it myself had I used Roundcube more... Can we please have that attribute removed from the login form elements?
Regards,
Rimas
List info: http://lists.roundcube.net/dev/ BT/aba52c80
On Thu, Oct 21, 2010 at 02:54:03PM +0300, Rimas Kudelis wrote:
2010.10.21 14:39, John Wong ras(e.:
How to config roundcube save the login id& password? can i do that?
I want roundcube save the login id& password, so i do not need re-type it every time when i login.
Please help and thank you.
Hmm, indeed -- why do we have autocomplete=off in the login form? We're not making a banking application.
Abuse of the autocomplete=off attribute on the web is indeed annoying. I would have noticed it myself had I used Roundcube more... Can we please have that attribute removed from the login form elements?
Try the remember me plugin: http://code.google.com/p/myroundcube/.
2010.10.21 15:09, Denny Lin rašė:
On Thu, Oct 21, 2010 at 02:54:03PM +0300, Rimas Kudelis wrote:
2010.10.21 14:39, John Wong ras(e.:
How to config roundcube save the login id& password? can i do that?
I want roundcube save the login id& password, so i do not need re-type it every time when i login.
Please help and thank you.
Hmm, indeed -- why do we have autocomplete=off in the login form? We're not making a banking application.
Abuse of the autocomplete=off attribute on the web is indeed annoying. I would have noticed it myself had I used Roundcube more... Can we please have that attribute removed from the login form elements?
Try the remember me plugin: http://code.google.com/p/myroundcube/.
Thanks for the link, but:
The plugin (or maybe just a simple setting) should be needed to enable this attribute, not to disable it.
Rimas
List info: http://lists.roundcube.net/dev/ BT/aba52c80
Hmm, indeed – why do we have autocomplete=off in the login form? We're not making a banking application.
Speak for yourself, we happen to care about the privacy and security of our customers.
Think: internet cafe, a prime location for using webmail.
regards,
Cor
List info: http://lists.roundcube.net/dev/ BT/aba52c80
On Jueves, 21 de Octubre de 2010 14:09:55 Denny Lin escribió:
On Thu, Oct 21, 2010 at 02:54:03PM +0300, Rimas Kudelis wrote:
2010.10.21 14:39, John Wong ras(e.:
How to config roundcube save the login id& password? can i do that?
I want roundcube save the login id& password, so i do not need re-type it every time when i login.
Please help and thank you.
Hmm, indeed -- why do we have autocomplete=off in the login form? We're not making a banking application.
Abuse of the autocomplete=off attribute on the web is indeed annoying. I would have noticed it myself had I used Roundcube more... Can we please have that attribute removed from the login form elements?
Try the remember me plugin: http://code.google.com/p/myroundcube/.
Or the "remember password" bookmarklet:
https://www.squarefree.com/bookmarklets/forms.html#remember_password
--- 8< --- detachments --- 8< --- The following attachments have been detached and are available for viewing. http://detached.gigo.com/rc/Qw/sbRKrMNw/signature.asc Only click these links if you trust the sender, as well as this message. --- 8< --- detachments --- 8< ---
List info: http://lists.roundcube.net/dev/ BT/aba52c80
On Thu, 21 Oct 2010 15:07:00 +0200, Cor Bosman wrote:
Hmm, indeed – why do we have autocomplete=off in the login form? We're not making a banking application.
Speak for yourself, we happen to care about the privacy and security of our customers.
Think: internet cafe, a prime location for using webmail.
regards,
Cor
List info: http://lists.roundcube.net/dev/ BT/de6f0c6f
Maybe make this optional in main.inc.php setting, let people choice what they want to use. _______________________________________________ List info: http://lists.roundcube.net/dev/ BT/aba52c80
On Thu, 21 Oct 2010 20:09:55 +0800, Denny Lin wrote:
On Thu, Oct 21, 2010 at 02:54:03PM +0300, Rimas Kudelis wrote:
2010.10.21 14:39, John Wong ras(e.:
How to config roundcube save the login id& password? can i do that?
I want roundcube save the login id& password, so i do not need re-type it every time when i login.
Please help and thank you.
Hmm, indeed -- why do we have autocomplete=off in the login form? We're not making a banking application.
Abuse of the autocomplete=off attribute on the web is indeed annoying. I would have noticed it myself had I used Roundcube more... Can we please have that attribute removed from the login form elements?
Try the remember me plugin: http://code.google.com/p/myroundcube/.
Thank you. it (remember_me) work for me. _______________________________________________ List info: http://lists.roundcube.net/dev/ BT/aba52c80
2010.10.21 16:07, Cor Bosman rašė:
Hmm, indeed – why do we have autocomplete=off in the login form? We're not making a banking application.
Speak for yourself, we happen to care about the privacy and security of our customers.
Think: internet cafe, a prime location for using webmail.
I don't think the prime location argument still applies. At least not universally.
On the other hand, I believe that Internet cafes should really care more about the privacy and security of their visitors. Password management features should be disabled, but often are not, in Internet cafes.
But there's a reason why browsers provide password management, it's called convenience. By telling the browser to disable that feature for one particular website, you're not only protecting those clients who check email in internet cafes, but also annoying those who do this at home, using their own Personal Computers. Plus, this doesn't educate the user at all.
This could at least be configurable by the administrator.
As an alternative, an unchecked-by-default checkbox could exist on the login page, which would use JS to remove the autocomplete=off attributes from the form elements when checked. This way, a user could at least opt in to use the save password feature explicitly.
Rimas _______________________________________________ List info: http://lists.roundcube.net/dev/ BT/aba52c80
On Jueves, 21 de Octubre de 2010 15:28:32 Rimas Kudelis escribió:
As an alternative, an unchecked-by-default checkbox could exist on the login page, which would use JS to remove the autocomplete=off attributes from the form elements when checked. This way, a user could at least opt in to use the save password feature explicitly.
This is a great idea
--- 8< --- detachments --- 8< --- The following attachments have been detached and are available for viewing. http://detached.gigo.com/rc/3F/7K+kNM3c/signature.asc Only click these links if you trust the sender, as well as this message. --- 8< --- detachments --- 8< ---
List info: http://lists.roundcube.net/dev/ BT/aba52c80
<off topic> I hope you're e-banking solution don't rely on username and password... ;-) but on strong authentication mechanisms. I wouldn't trust a bank that only has a username and password couple to login. </off topic>
I think it's a best practice to not store username and passwords on the browser you use. You should also have a different password for each service you use on the Internet.
Another solution would be to integrate roundcube with openID and then have an SSO between multiple services.
Regards,
Alain
On Thu, 21 Oct 2010 15:07:00 +0200, Cor Bosman cor@xs4all.nl wrote:
Hmm, indeed – why do we have autocomplete=off in the login form? We're not making a banking application.
Speak for yourself, we happen to care about the privacy and security of our customers.
Think: internet cafe, a prime location for using webmail.
regards,
Cor
List info: http://lists.roundcube.net/dev/ BT/13a4d060
On Thu, Oct 21, 2010 at 04:00:18PM +0200, Alain Nussbaumer wrote:
<off topic> I hope you're e-banking solution don't rely on username and password... ;-) but on strong authentication mechanisms. I wouldn't trust a bank that only has a username and password couple to login. </off topic>
I think it's a best practice to not store username and passwords on the browser you use. You should also have a different password for each service you use on the Internet.
Well, the password is encrypted, but I do agree with you. I was going to do a rewrite of the remember me plugin to store the data in the database instead. Unfortunately, I've been too busy to work on it.
hi,
I agree with Cor, the main reason i use Roundcube is the active maintained codebase and a healthy attitude towards privacy and security. For my 2 cents, security should have to be the deafult and users can opt out. If you develop unsafe defaults, many will use as-is.
On Thu, 21 Oct 2010 15:07:00 +0200, Cor Bosman cor@xs4all.nl wrote:
Hmm, indeed – why do we have autocomplete=off in the login form? We're not making a banking application.
Speak for yourself, we happen to care about the privacy and security of our customers.
Think: internet cafe, a prime location for using webmail.
regards,
Cor
List info: http://lists.roundcube.net/dev/ BT/cb341a36
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I agree.
On 21-10-2010 13:55, pete wrote:
hi,
I agree with Cor, the main reason i use Roundcube is the active maintained codebase and a healthy attitude towards privacy and security. For my 2 cents, security should have to be the deafult and users can opt out. If you develop unsafe defaults, many will use as-is.
On Thu, 21 Oct 2010 15:07:00 +0200, Cor Bosman cor@xs4all.nl wrote:
Hmm, indeed – why do we have autocomplete=off in the login form? We're not making a banking application.
Speak for yourself, we happen to care about the privacy and security of our customers.
Think: internet cafe, a prime location for using webmail.
regards,
Cor
List info: http://lists.roundcube.net/dev/ BT/cb341a36
List info: http://lists.roundcube.net/dev/ BT/aba52c80
Hi,
2010.10.21 18:55, pete rašė:
I agree with Cor, the main reason i use Roundcube is the active maintained codebase and a healthy attitude towards privacy and security. For my 2 cents, security should have to be the deafult and users can opt out. If you develop unsafe defaults, many will use as-is.
Yeah, except they can't even opt in right now, without using third-party code.
Don't get me wrong: I do like sane security measures, but not always the goal justifies the measures. In this case, I see this absolute inability to save password as an annoyance.
Then also, consider the fact that the same user is quite likely to use the same password elsewhere (e.g. facebook, which coincidently uses email address as the user name), which in my eyes makes this security measure even weaker. And you can't expect the user to use different passwords everywhere until this becomes convenient enough (as in type once, save for later, synchronize between desktops).
Rimas _______________________________________________ List info: http://lists.roundcube.net/dev/ BT/aba52c80
On Thu, 21 Oct 2010 19:23:10 +0300, Rimas Kudelis wrote:
Hi,
2010.10.21 18:55, pete rašė:
I agree with Cor, the main reason i use
Roundcube is the active maintained
codebase and a healthy attitude
towards privacy and security. For my 2
cents, security should have to
be the deafult and users can opt out. If you
develop unsafe defaults,
many will use as-is.
Yeah, except they can't even opt in right now,
without using third-party
code.
Don't get me wrong: I do like
sane security measures, but not always the
goal justifies the
measures. In this case, I see this absolute inability
to save
password as an annoyance.
Agreed. It would be nice to at least let autocomplete save the username, and let the user decide whether to save the password or not using the browser's features (Not Now, Never, etc.).
Then also, consider the fact that the same user is quite
likely to use
the same password elsewhere (e.g. facebook, which
coincidently uses
email address as the user name), which in my eyes
makes this security
measure even weaker. And you can't expect the
user to use different
passwords everywhere until this becomes
convenient enough (as in type
once, save for later, synchronize
between desktops).
Rimas
List info:
http://lists.roundcube.net/dev/ [1]
BT/b28e7101
[1] http://lists.roundcube.net/dev/
List info: http://lists.roundcube.net/dev/ BT/aba52c80
Rimas Kudelis wrote:
2010.10.21 16:07, Cor Bosman rašė:
Hmm, indeed – why do we have autocomplete=off in the login form? We're not making a banking application.
Speak for yourself, we happen to care about the privacy and security of our customers.
Think: internet cafe, a prime location for using webmail.
I don't think the prime location argument still applies. At least not universally.
On the other hand, I believe that Internet cafes should really care more about the privacy and security of their visitors. Password management features should be disabled, but often are not, in Internet cafes.
But there's a reason why browsers provide password management, it's called convenience. By telling the browser to disable that feature for one particular website, you're not only protecting those clients who check email in internet cafes, but also annoying those who do this at home, using their own Personal Computers. Plus, this doesn't educate the user at all.
This could at least be configurable by the administrator.
OK, for now we have a new option in config/main.inc.php which by default disables autocompletion (as the skin template did). It will be released soon with 0.5-beta.
~Thomas _______________________________________________ List info: http://lists.roundcube.net/dev/ BT/aba52c80
On Wed, 24 Nov 2010 13:01:28 +0100, Thomas Bruederli wrote:
Thank you. It just work.
OK, for now we have a new option in config/main.inc.php which by default disables autocompletion (as the skin template did). It will be released soon with 0.5-beta.
~Thomas _______________________________________________ List info: http://lists.roundcube.net/dev/ BT/de6f0c6f
List info: http://lists.roundcube.net/dev/ BT/aba52c80