On 28.12.2012 00:24, Jan M. Dziewulski wrote:
> On 27/12/2012 23:17, Robert Moskowitz wrote:
>
>> hmmm. Thinking (really!) I should change it back and try
>> https:/.../webmail and see if it works. If it does, I need to add a
>> force redirect to the roundcube.conf. Thinking more, this is reasonable
>> as this is how my current squirrelmail works.
>
> But shouldn't people be accessing it via https anyway? I mean without the
> need for a redirection? Adding a
> redirection increases security issues (for your site) so I personally would
> not be keen to do that

it does not if it is done right

<Directory "roundcube-dir">
 php_admin_flag session.cookie_secure "1"
</Directory>

this makes sure that a client will NEVER send the session cookie
unencrypted, if you get an external security audit and do not use this
setting for https sites you will get warned by the auditor, and if not he
did not do his job!

_______________________________________________
Roundcube Users mailing list
[email protected]
http://lists.roundcube.net/mailman/listinfo/users
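
A check for the setup discussed in this thread, added here as an example and not part of the original mails: it audits captured response headers to confirm that the plain-HTTP side only redirects to HTTPS and that no cookie is issued without the Secure attribute. The hostname, cookie values and sample responses are constructed, and roundcube_sessid is assumed as the session cookie name.

```python
"""Audit captured HTTP response headers for the two points in this thread:
the plain-HTTP side must only redirect to HTTPS, and no cookie may be
issued without the Secure attribute. Sample data below is constructed."""

def cookie_attrs(set_cookie):
    """Split one Set-Cookie value into (name, set of lowercase attribute names)."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def audit(scheme, status, headers):
    """headers: list of (name, value) pairs as received. Returns a list of findings."""
    findings = []
    cookies = [v for k, v in headers if k.lower() == "set-cookie"]
    location = next((v for k, v in headers if k.lower() == "location"), "")
    if scheme == "http":
        # A forced redirect done right: 3xx to an https:// URL and nothing else.
        if not (300 <= status < 400 and location.lower().startswith("https://")):
            findings.append("plain HTTP response is not a redirect to https://")
        for c in cookies:
            findings.append("cookie %r set on a plain HTTP response" % cookie_attrs(c)[0])
    for c in cookies:
        name, attrs = cookie_attrs(c)
        # Attribute names are case-insensitive, so compare in lowercase.
        if "secure" not in attrs:
            findings.append("cookie %r lacks the Secure attribute" % name)
    return findings

# Constructed sample responses (hostname and cookie values are made up;
# the cookie name roundcube_sessid is an assumption).
REDIRECT_OK = ("http", 301, [("Location", "https://mail.example.org/webmail/")])
HTTPS_OK = ("https", 200,
            [("Set-Cookie", "roundcube_sessid=abc123; path=/; secure; HttpOnly")])
HTTPS_WEAK = ("https", 200,
              [("Set-Cookie", "roundcube_sessid=abc123; path=/; HttpOnly")])
HTTP_LEAKY = ("http", 200, [("Set-Cookie", "roundcube_sessid=abc123; path=/")])

if __name__ == "__main__":
    for label, resp in [("redirect", REDIRECT_OK), ("https + secure", HTTPS_OK),
                        ("https, no secure", HTTPS_WEAK),
                        ("http, no redirect", HTTP_LEAKY)]:
        print(label, "->", audit(*resp) or "ok")
```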
