chasd wrote: > I think it isn't such a good idea either. > If you have e-mail messages that fall under a NDA, you'd want that > connection encrypted at all times, not just to protect the > authentication. > > If you have the time and the skill to hack on the code, this might be > doable, but what you are looking for isn't built in standard.
See http://trac.roundcube.net/ticket/1485461 and http://trac.roundcube.net/ticket/1485336 for hints. Again, partial HTTPS is not a security at all. Attacker may hijack the cookie and use it to browse the mailbox -- Dennis _______________________________________________ List info: http://lists.roundcube.net/users/
