Hi!

Jonathan Batista de Araujo Neto wrote:
> Hello,
>
> I noticed that the contacts get exposed on the compose page, that is,
> everyone reading the source could take the whole list in a text file, so
> he could send spam.

It does not really make any difference if the code is there as raw HTML or as JavaScript array - it is still data that is transferred from the server to the client so it can be read and used in other ways than you would expect.

> It’s not a problem for personal contacts, but if you’re in a huge
> company using LDAP, this could not be a good idea.
>
> One of our programmers get around this, but using ajax and getting the
> contacts straight to a certain javascript var, instead of defining that
> on the page code. Since Roundcube has new releases we had to do the
> workaround every time.

Still the data is transferred over the wire... no difference.

> Maybe you can integrate this “feature” on the mainstream, if of your
> interest. I can send the hacked code for the version 0.1.
>
> Thanks a lot
>
> Jonathan Araújo
> IT Infrastructure Administrator
> IT Management - INDG S.A.

_______________________________________________
List info: http://lists.roundcube.net/dev/
