One who cares so much about security should not use an address book, nor web-mail.
There's really no security concern here. Regards, D. till ??????: > On Tue, Oct 28, 2008 at 3:57 PM, Michael Baierl <[EMAIL PROTECTED]> wrote: > >> Ok, >> now I verified the issue - all contacts are shown in a JavaScript >> section of the page when a new mail is composed - this is not very smart >> for two reasons. One has already been outlined - security - but the >> other one is even more important - performance. >> > > Again, YOUR contacts show in the html source and you talk about > security? Or am I mis-understanding an issue here. > > >> Imagine there are 500 contacts in the database - all of those will be >> transferred whenever a mail is composed, which is not needed. Instead >> the auto-completion should use an AJAX request back to the server and >> don't search on the client side. Yeah, it will be a bit slower for the >> end user to get suggestions on autocompletion, but the overall page will >> load way faster! >> > > No, it's easier and less expensive to pull it once and so to speak > "cache" them in the source code/clientside and perform the > auto-complete without a server request. Otherwise it will be slower > and more expensive as you hit the database or your LDAP directory for > every key-event. > > >> Any plans to fix this in the next Roundcube release? >> > > As far as I can see, there is no bug here and nothing to be fixed. > > Till > _______________________________________________ > List info: http://lists.roundcube.net/dev/ > > _______________________________________________ List info: http://lists.roundcube.net/dev/
