Roundcube Community Forum

SVN Releases => Requests => Topic started by: dennylin93 on February 08, 2010, 08:55:30 PM

Title: Enable SSL just for login
Post by: dennylin93 on February 08, 2010, 08:55:30 PM

Hi, I saw ticket #1484764 (http://trac.roundcube.net/ticket/1484764) a while ago.

I'd like to see this feature implemented, and I'll try to come up with a patch in a few days.

However, I'm not really sure if it's secure. RC seems to store the user's password in $_SESSION['password'], and it's decrypted whenever the password's needed. Is session data stored on the server or on the client's computer?

Title: Enable SSL just for login
Post by: SKaero on February 08, 2010, 10:09:11 PM

It is stored on the server.

Title: Enable SSL just for login
Post by: dennylin93 on February 08, 2010, 10:50:45 PM

Great. I'll start working on it as soon as I have some spare time.