If you are really worried about it, you might want to check into purchasing a static IP address for your slice of the VPS. The cost of my VPS is quite reasonable and it includes its own static IP address that is unique to my slice.

On Mon, 04 Jul 2011 20:15:52 +0200, Whizart wrote:

Hi everybody,

I'm running roundcube on a shared webserver of a hosting service which
brings a question to my mind concerning security:
The hosting provider gives login credentials to its customers which are
all hosted at the same domain (e.g. customer12@provider.com). As
roundcube allows direct login to IMAP accounts I am afraid that other
customers are able to login to "my" roundcube installation with their
email-adress e.g. customer256@provider.com.

Is it possible to protect a roundcube installation so that only
specified logins are enabled?
So I want to be able to login with my account customer12@provider.com
but want to prevent other customers of the same domain @provider.com to
use roundcube.
Simply I would do this with a .htaccess-file but a more elegant way
would be preferable, I guess.

Thank you!
Bea