Authentication and security issues are of course important, and I do not regard myself as an expert in those areas. Hence those parts of the code in riwos are as Sam Varshavchik wrote it. The demo is available to see how it works and looks like. It should be obvious, that there are things like account locking and starting a session through javascript without a login page are not included in the becoming (?) distribution.
My users are choosing riwos-sqwebmail at 95-5 ratio. I use riwos, because I like it more than the original. I started the project to make my sqwebmail more the way I wanted it. I felt the result was good enough to give out for others to use. Your choice is rather simple. If you don't like, don't use it.
Taking the advantage of css also brings along the downsides of it. My css works okay with mozilla and most msie versions. That's enough for my needs. Others, like konqueror or opera probably will find some difficulties.
Therefore I have asked css experts to join the group. There are none so far, maybe scared off by this security nonsense?
The few things lacking from the present state of riwos are not dropped from source. All there is to it, is to use the couple of hours to rewrite the specific templates.
matti
James A Baker writes:
On Wednesday, Oct 1, 2003, at 01:54 US/Central, matti wrote:
James A Baker kirjoittaa:On Wednesday, Oct 1, 2003, at 00:59 US/Central, matti wrote:[...] If these files are backward browsable with visible history is insingificant. [...]No. The point is that this *IS* significant. -- Maybe not to you necessarily, but it would be to other people who might be accessing their account from someone else's computer. -jab
Rubbish The *DEMO* is open. Password is public. Where is the risk?
They're saying that they're concerned the riwos code does the same with all accounts, not just the demo you made available.
Personally, I haven't investigated the issue, because I don't actually plan on installing riwos. -- SqWebMail is enough for me to configure by itself... I don't much want to install another whole product that's based on sqwebmail, just to test that one out too. =)
If the main riwos code doesn't expose the URL paths to history lists, then that's great. But the other guys were saying they seemed to think (apparently based on their experience with the demo) that it merely hid the URL's from the user's window... and not from the history list like sqwebmail does.
As for me... I don't know. I haven't even tried to determine whether it does or not. :-) I was just saying their concern is valid -- if what they think happens, does happen.
-jab
____________________________________________________________________
Matti Riikari
email [EMAIL PROTECTED]
tel +358405544545
mail Paltvuori 23310 Taivassalo FIN
web http://www.riikari.net
_____________________________________________________________________
