Hi everybody,
I'm running roundcube on a shared webserver of a hosting service which brings a question to my mind concerning security: The hosting provider gives login credentials to its customers which are all hosted at the same domain (e.g. customer12@provider.com). As roundcube allows direct login to IMAP accounts I am afraid that other customers are able to login to "my" roundcube installation with their email-adress e.g. customer256@provider.com.
Is it possible to protect a roundcube installation so that only specified logins are enabled? So I want to be able to login with my account customer12@provider.com but want to prevent other customers of the same domain @provider.com to use roundcube. Simply I would do this with a .htaccess-file but a more elegant way would be preferable, I guess.
Thank you! Bea