[Feature request]Ability to stay logged in for like a week.

[MikhailT]

Can we have the ability to stay logged in for a week or two. Yes i know about the runbox.com/mail for one hour. But that is not enough for me, I use runbox all the time on my home pc and i would like to not log in every hour just to see what new email came in.

[zapata]

Why do you use webmail and not IMAP4?
Well at least IMAP4 on port 143 should work. Your MUA should support re-connect and keep-alive.

BR
Herbert

[MikhailT]

Because I do not want to use IMAP4 or any other protocal. I perfer to use the webmail interface.

[marcus0263]

That is not a feature request, it's a security hole. It would be irresponsible of Runbox to allow that.

[MikhailT]

No it is not, it is a security problem if runbox allow it by default. That's why i say if we can have the "ability" meaning option. As in how gmail and other sites would do it. It has two options, do not remember(public pc) or do remember(private pc) the password on this computer.

[jbs]

Quote:

Originally posted by marcus0263
That is not a feature request, it's a security hole. It would be irresponsible of Runbox to allow that.

An automatic logout after an hour is only necessary in a small number of circumstances.

For those of us who keep our PCs secure, who have BIOS passwords protecting login to the computer, who maintain physical security to access the PCs, etc, I would see nothing wrong with making the login persist for much longer.

If someone ever stole such a PC, you could always just login and change your passwords . . .

--Jason

[carverrn]

MikhailT,

What browser do you use?

Regards,
Rich

[marcus0263]

Quote:

Originally posted by jbs
An automatic logout after an hour is only necessary in a small number of circumstances.

For those of us who keep our PCs secure, who have BIOS passwords protecting login to the computer, who maintain physical security to access the PCs, etc, I would see nothing wrong with making the login persist for much longer.

If someone ever stole such a PC, you could always just login and change your passwords . . .

--Jason

Sniffer's? Hijacking?

I still disagree, keeping an open link is a hole. But if you must maintain an open link there's a Firefox plugin that you can set an automatic refresh rate, us it if you must. If you use IE you need to dump it and not look back. IE just has way to many security issues. Something about having a web browser that opens the door to infections by virus's and worms by just looking at a website is of grave concern. Dump IE and go with Firefox it's not 100% secure, but it's light years over IE

[MikhailT]

Quote:

Originally posted by carverrn
MikhailT,

What browser do you use?

Regards,
Rich

Opera 8 latest beta and IE for sites that can't be loaded.

[jbs]

Quote:

Originally posted by marcus0263
Sniffer's? Hijacking?

I still disagree, keeping an open link is a hole. But if you must maintain an open link there's a Firefox plugin that you can set an automatic refresh rate, us it if you must. If you use IE you need to dump it and not look back. IE just has way to many security issues. Something about having a web browser that opens the door to infections by virus's and worms by just looking at a website is of grave concern. Dump IE and go with Firefox it's not 100% secure, but it's light years over IE

Not quite sure what sniffers have to do with maintaining a login to a website. I assume you mean packet sniffers on a wireless network in which case the fact that I have an encrypted wireless network and connect via SSL both reduce that risk. Furthermore, the fact that Runbox users have to login so frequently seems (IMHO) to increase, rather than decrease the risk of a password being snatched by a sniffer. The more often someone is typing in their password the more likely it is to be observed/captured/intercepted.

Hijacking, as far as I know, generally refers in this context to a hacker hijacking a website, spoofing it in order to foll users into entering their password info. Again, in this case the fac that Runbox users are constantly re-entering their passwords is more of a liability than an asset. I know hijacking can also refer to hijacking a TCP session, but again I don't see what a persistent login would ahve to do with this.

There are tools for many browsers (including Maxthon which I use) for auto-refreshing the page, and I'll use those during the day sometimes to stay in Runbox. But it creates an (admittedly small) unnecessary bandwidth consumption which becomes larger when you multply it across the internet and apply it to people who set the refresh too frequently. I think of it the same way as littering -- anyone can justify it on the basis of how insignificant their cigarette butt is on the face of the Earth, just like one innocuous refresh when they aren't even sitting at the computer. But there are ~6 Billion of us now, and when everyone drops their garbage it clogs the whole system.

If everyone is staying logged into their 5 favorite sites with auto-refresh tools and sets them to 5 minute intervals, poof, no more internet.

Moreover, it only works while your system is turned on. Shut down and you have to login again. What GMail offers, and what this post is suggesting I believe, is that I can login once every couple of weeks, and every time I come back to Runbox with that PC I'm automatically back in.

--Jason

P.S. If I've misunderstood what you are concerned about re: sniffers and hijacking, please let me know. I don't mean to minimize any legitimate threats, but my understanding of those threats does not seem to make persistent logins an increased risk.

[thewzd]

Hi all,

Just thought I'd throw an idea in here, from a web developer's point of view, and of course as a Runbox fan!

Many of the websites that I write have tick boxes during the login process that allows a member to select whether the website stores a permanent cookie (say for 14 days) so that if the usual 'timeout' occurs, you've had already chosen whether your id and password were stored, therefore you could just press return at the login prompts as your details would have automatically been filled in.

Of course, inside the website there would one other link that allows the user to 'dump' the cookies that're stored, in case they made the mistake of selecting a 'remember' option when they'd been using a shared-pc.

To improve Runbox's current login procedure, a select-list could be offered (or a radio button) that offers :-

1. Remember Nothing
2. Remember Username Only.
3. Remember Username + Password.

Inside Runbox, a simple option to 'remove cookies' would need to be made available.

This is different to an auto-login of course, as the user still has to click 'Login'. All I'm saying with the above idea is that it could offer a single click to re-log-back-in.

Hope that didnt sound too confusing! (sorry if it did).

Geir (+ other RB developers) : Any comments on this?

[carverrn]

Quote:

Originally posted by MikhailT
Opera 8 latest beta and IE for sites that can't be loaded.

Opera has an Reload feature. Just right click on the page and select "Reload every" to select how often you want Opera to reload the page. You can then keep a Runbox page open in the background and let Opera keep refreshing it to keep your session alive.

Regards,
Rich

[carverrn]

Oh .. and if you want to do a direct login you can use a link like this:

http://www.runbox.com/LOGIN?credential_0=YOURUSERNAME&credential_1=YOURPASSWORD&destination=/mail

Or this one for secure login:

https://www.runbox.com/LOGIN?credential_0=YOURUSERNAME&credential_1=YOURPASSWORD&destination=/mail

Regards,
Rich

[zapata]

Is there a direct link for training spam when you are not using webmail?
Maybe Runbox can add the folder id and message # to the header?

https://secure.runbox.com/mail/list?folder_id=xxxxxxx&order=\
&direction=&offset=0&learn=spam&message=yyyyyy

Or is there something planned for the future?

[jbs]

Quote:

Originally posted by carverrn
Oh .. and if you want to do a direct login you can use a link like this:

http://www.runbox.com/LOGIN?credenti...tination=/mail

Or this one for secure login:

https://www.runbox.com/LOGIN?credent...tination=/mail

Regards,
Rich

I used to use one of these, but this seemed actually more risky to me than a persistent login would be.

Persistent login means as long as your computer (and its cookie) are secure, your access is secure. But saving a link like that means any glance at your favorites or browser history can yield up your password, which for many people is also the password to other sites as well . . .

--Jason