Author Topic: Enable SSL just for login  (Read 5878 times)

Offline dennylin93

  • Jr. Member
  • **
  • Posts: 17
Enable SSL just for login
« on: February 08, 2010, 08:55:30 PM »
Hi, I saw ticket #1484764 a while ago.

I'd like to see this feature implemented, and I'll try to come up with a patch in a few days.

However, I'm not really sure if it's secure. RC seems to store the user's password in $_SESSION['password'], and it's decrypted whenever the password's needed. Is session data stored on the server or on the client's computer?

Offline SKaero

  • Administrator
  • Hero Member
  • *****
  • Posts: 5,876
    • SKaero - Custom Roundcube development
Enable SSL just for login
« Reply #1 on: February 08, 2010, 10:09:11 PM »
It is stored on the server.

Offline dennylin93

  • Jr. Member
  • **
  • Posts: 17
Enable SSL just for login
« Reply #2 on: February 08, 2010, 10:50:45 PM »
Great. I'll start working on it as soon as I have some spare time.