EmailDiscussions.com  

Go Back   EmailDiscussions.com > Email Service Provider-specific Forums > Runbox Forum
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read
Stay in touch wirelessly

Runbox Forum Everything related to Runbox should go here: suggestions, comments, complaints, questions, technical issues, etc.

Reply
 
Thread Tools
Old 3 Apr 2005, 09:29 AM   #1
MikhailT
Member
 
Join Date: Mar 2004
Posts: 76
[Feature request]Ability to stay logged in for like a week.

Can we have the ability to stay logged in for a week or two. Yes i know about the runbox.com/mail for one hour. But that is not enough for me, I use runbox all the time on my home pc and i would like to not log in every hour just to see what new email came in.
MikhailT is offline   Reply With Quote

Old 3 Apr 2005, 09:53 AM   #2
zapata
Essential Contributor
 
Join Date: Dec 2004
Location: Wien, Østerrike
Posts: 375
Why do you use webmail and not IMAP4?
Well at least IMAP4 on port 143 should work. Your MUA should support re-connect and keep-alive.

BR
Herbert
zapata is offline   Reply With Quote
Old 3 Apr 2005, 02:25 PM   #3
MikhailT
Member
 
Join Date: Mar 2004
Posts: 76
Because I do not want to use IMAP4 or any other protocal. I perfer to use the webmail interface.
MikhailT is offline   Reply With Quote
Old 3 Apr 2005, 09:41 PM   #4
marcus0263
Cornerstone of the Community
 
Join Date: Nov 2003
Location: Seattle
Posts: 594
That is not a feature request, it's a security hole. It would be irresponsible of Runbox to allow that.
marcus0263 is offline   Reply With Quote
Old 4 Apr 2005, 07:42 AM   #5
MikhailT
Member
 
Join Date: Mar 2004
Posts: 76
No it is not, it is a security problem if runbox allow it by default. That's why i say if we can have the "ability" meaning option. As in how gmail and other sites would do it. It has two options, do not remember(public pc) or do remember(private pc) the password on this computer.
MikhailT is offline   Reply With Quote
Old 4 Apr 2005, 09:59 AM   #6
jbs
Essential Contributor
 
Join Date: Oct 2003
Posts: 455
Quote:
Originally posted by marcus0263
That is not a feature request, it's a security hole. It would be irresponsible of Runbox to allow that.
An automatic logout after an hour is only necessary in a small number of circumstances.

For those of us who keep our PCs secure, who have BIOS passwords protecting login to the computer, who maintain physical security to access the PCs, etc, I would see nothing wrong with making the login persist for much longer.

If someone ever stole such a PC, you could always just login and change your passwords . . .

--Jason
jbs is offline   Reply With Quote
Old 4 Apr 2005, 11:18 AM   #7
carverrn
Intergalactic Postmaster
 
Join Date: Jan 2002
Location: Chicago, IL
Posts: 5,606

Representative of:
Runbox.com
MikhailT,

What browser do you use?

Regards,
Rich
carverrn is offline   Reply With Quote
Old 4 Apr 2005, 11:41 AM   #8
marcus0263
Cornerstone of the Community
 
Join Date: Nov 2003
Location: Seattle
Posts: 594
Quote:
Originally posted by jbs
An automatic logout after an hour is only necessary in a small number of circumstances.

For those of us who keep our PCs secure, who have BIOS passwords protecting login to the computer, who maintain physical security to access the PCs, etc, I would see nothing wrong with making the login persist for much longer.

If someone ever stole such a PC, you could always just login and change your passwords . . .

--Jason
Sniffer's? Hijacking?

I still disagree, keeping an open link is a hole. But if you must maintain an open link there's a Firefox plugin that you can set an automatic refresh rate, us it if you must. If you use IE you need to dump it and not look back. IE just has way to many security issues. Something about having a web browser that opens the door to infections by virus's and worms by just looking at a website is of grave concern. Dump IE and go with Firefox it's not 100% secure, but it's light years over IE
marcus0263 is offline   Reply With Quote
Old 5 Apr 2005, 12:02 AM   #9
MikhailT
Member
 
Join Date: Mar 2004
Posts: 76
Quote:
Originally posted by carverrn
MikhailT,

What browser do you use?

Regards,
Rich
Opera 8 latest beta and IE for sites that can't be loaded.
MikhailT is offline   Reply With Quote
Old 5 Apr 2005, 12:30 AM   #10
jbs
Essential Contributor
 
Join Date: Oct 2003
Posts: 455
Quote:
Originally posted by marcus0263
Sniffer's? Hijacking?

I still disagree, keeping an open link is a hole. But if you must maintain an open link there's a Firefox plugin that you can set an automatic refresh rate, us it if you must. If you use IE you need to dump it and not look back. IE just has way to many security issues. Something about having a web browser that opens the door to infections by virus's and worms by just looking at a website is of grave concern. Dump IE and go with Firefox it's not 100% secure, but it's light years over IE
Not quite sure what sniffers have to do with maintaining a login to a website. I assume you mean packet sniffers on a wireless network in which case the fact that I have an encrypted wireless network and connect via SSL both reduce that risk. Furthermore, the fact that Runbox users have to login so frequently seems (IMHO) to increase, rather than decrease the risk of a password being snatched by a sniffer. The more often someone is typing in their password the more likely it is to be observed/captured/intercepted.

Hijacking, as far as I know, generally refers in this context to a hacker hijacking a website, spoofing it in order to foll users into entering their password info. Again, in this case the fac that Runbox users are constantly re-entering their passwords is more of a liability than an asset. I know hijacking can also refer to hijacking a TCP session, but again I don't see what a persistent login would ahve to do with this.

There are tools for many browsers (including Maxthon which I use) for auto-refreshing the page, and I'll use those during the day sometimes to stay in Runbox. But it creates an (admittedly small) unnecessary bandwidth consumption which becomes larger when you multply it across the internet and apply it to people who set the refresh too frequently. I think of it the same way as littering -- anyone can justify it on the basis of how insignificant their cigarette butt is on the face of the Earth, just like one innocuous refresh when they aren't even sitting at the computer. But there are ~6 Billion of us now, and when everyone drops their garbage it clogs the whole system.

If everyone is staying logged into their 5 favorite sites with auto-refresh tools and sets them to 5 minute intervals, poof, no more internet.

Moreover, it only works while your system is turned on. Shut down and you have to login again. What GMail offers, and what this post is suggesting I believe, is that I can login once every couple of weeks, and every time I come back to Runbox with that PC I'm automatically back in.

--Jason

P.S. If I've misunderstood what you are concerned about re: sniffers and hijacking, please let me know. I don't mean to minimize any legitimate threats, but my understanding of those threats does not seem to make persistent logins an increased risk.
jbs is offline   Reply With Quote
Old 5 Apr 2005, 01:05 AM   #11
thewzd
Junior Member
 
Join Date: Jul 2004
Location: UK
Posts: 12
Hi all,

Just thought I'd throw an idea in here, from a web developer's point of view, and of course as a Runbox fan!

Many of the websites that I write have tick boxes during the login process that allows a member to select whether the website stores a permanent cookie (say for 14 days) so that if the usual 'timeout' occurs, you've had already chosen whether your id and password were stored, therefore you could just press return at the login prompts as your details would have automatically been filled in.

Of course, inside the website there would one other link that allows the user to 'dump' the cookies that're stored, in case they made the mistake of selecting a 'remember' option when they'd been using a shared-pc.

To improve Runbox's current login procedure, a select-list could be offered (or a radio button) that offers :-

1. Remember Nothing
2. Remember Username Only.
3. Remember Username + Password.

Inside Runbox, a simple option to 'remove cookies' would need to be made available.

This is different to an auto-login of course, as the user still has to click 'Login'. All I'm saying with the above idea is that it could offer a single click to re-log-back-in.

Hope that didnt sound too confusing! (sorry if it did).

Geir (+ other RB developers) : Any comments on this?
thewzd is offline   Reply With Quote
Old 5 Apr 2005, 01:53 AM   #12
carverrn
Intergalactic Postmaster
 
Join Date: Jan 2002
Location: Chicago, IL
Posts: 5,606

Representative of:
Runbox.com
Quote:
Originally posted by MikhailT
Opera 8 latest beta and IE for sites that can't be loaded.
Opera has an Reload feature. Just right click on the page and select "Reload every" to select how often you want Opera to reload the page. You can then keep a Runbox page open in the background and let Opera keep refreshing it to keep your session alive.

Regards,
Rich
carverrn is offline   Reply With Quote
Old 5 Apr 2005, 02:10 AM   #13
carverrn
Intergalactic Postmaster
 
Join Date: Jan 2002
Location: Chicago, IL
Posts: 5,606

Representative of:
Runbox.com
Oh .. and if you want to do a direct login you can use a link like this:

http://www.runbox.com/LOGIN?credential_0=YOURUSERNAME&credential_1=YOURPASSWORD&destination=/mail

Or this one for secure login:

https://www.runbox.com/LOGIN?credential_0=YOURUSERNAME&credential_1=YOURPASSWORD&destination=/mail

Regards,
Rich
carverrn is offline   Reply With Quote
Old 5 Apr 2005, 02:35 AM   #14
zapata
Essential Contributor
 
Join Date: Dec 2004
Location: Wien, Østerrike
Posts: 375
Is there a direct link for training spam when you are not using webmail?
Maybe Runbox can add the folder id and message # to the header?

https://secure.runbox.com/mail/list?folder_id=xxxxxxx&order=\
&direction=&offset=0&learn=spam&message=yyyyyy

Or is there something planned for the future?
zapata is offline   Reply With Quote
Old 5 Apr 2005, 02:51 AM   #15
jbs
Essential Contributor
 
Join Date: Oct 2003
Posts: 455
Quote:
Originally posted by carverrn
Oh .. and if you want to do a direct login you can use a link like this:

http://www.runbox.com/LOGIN?credenti...tination=/mail

Or this one for secure login:

https://www.runbox.com/LOGIN?credent...tination=/mail

Regards,
Rich
I used to use one of these, but this seemed actually more risky to me than a persistent login would be.

Persistent login means as long as your computer (and its cookie) are secure, your access is secure. But saving a link like that means any glance at your favorites or browser history can yield up your password, which for many people is also the password to other sites as well . . .

--Jason
jbs is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


All times are GMT +9. The time now is 06:38 PM.

 

Copyright EmailDiscussions.com 1998-2013. All Rights Reserved. Privacy Policy