Hi,
I am trying to write a plugin which simply adds a button on the taskbar, which provides a link to a secured webpage.
This page is secured by a basic HTTP authentication.
Actually, for those who might be interested, this webpage is the DSPAM Control Center.
As you might have understood, I would like that the credentials used for RoundCube provide the HTTP authentication (both the IMAP server and DSPAM CC use the same database).
For now, I have been able to add a link which uses a
https://username:password@host.tld scheme. It does work, but I am concerned by the fact the user password appears in clear on RoundCube.
I attach what I have done so far to give an idea.
I would like to be able to make something similar but in a more "secure" way (considering both RC and DSPAM CC are secured via SSL, I am OK to use unencrypted GET, but I want to avoid that the password appears on the webmail, in case a user leaves a session open while having a lunch for example!).
I am pretty sure javascript can help me, but I am not much of a programmer and I am not sure to really understand the way the RC plugin API works...
The following JS snippet could help, but I cannot understand how I can integrate it in RC:
var url = "https://" + username + ":" + password + "@domain.com"
http.open("get", url, false, username, password);
http.send("");
if (http.status == 200) {
document.location = url;
}
Thanks in advance for your comments. Any help will be appreciated!
Cheers,
Julien