I dont think anyone really wants to remove CSRF tokens from the login page. They have a use, no matter how small the risk. The protection is basically against people that dont have access to your login screen, but somehow manage to (make you) post to your login screen anyways. Thats enough reason to have sessions in the login screen, and Rosali should probably use a shell script to run those crontabs. Thats a much cleaner solution.
> * what if your mailserver has rate-controls Well, stop clicking that forged link then :) Cor
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Roundcube Development discussion mailing list [email protected] http://lists.roundcube.net/mailman/listinfo/dev
