20 Apr
2009
20 Apr
'09
3:24 p.m.
chasd wrote:
I think it isn't such a good idea either. If you have e-mail messages that fall under a NDA, you'd want that
connection encrypted at all times, not just to protect the
authentication.If you have the time and the skill to hack on the code, this might be
doable, but what you are looking for isn't built in standard.
See http://trac.roundcube.net/ticket/1485461 and http://trac.roundcube.net/ticket/1485336 for hints. Again, partial HTTPS is not a security at all. Attacker may hijack the cookie and use it to browse the mailbox -- Dennis
List info: http://lists.roundcube.net/users/