This project is not covered by Drupal’s security advisory policy.
Integration of the roundcube webmail client in drupal
Roundcube Webmail Project: http://www.roundcube.net/
Pro / Contra iframe: The iframe solution is not very nice, but roundcube is just a complex application. Maybe it’s also better for maintaining updates. Also following the unix philosophy: a task should have it’s own application.
Advantages: rcmail is an module to use the nice-looking ajax webmail client roundcube in drupal. Users can leave their mail account information in drupals account settings to make use of a single-sign-on. The passwords stored crypted in drupals database*. Some scripts in roundcube were modified to use contacts managed with civicrm**. Users can query, edit and insert new contacts in the contact pool of civicrm.
Future: Uses can see sent emails as activities in civicrm.
Security: The password of the users IMAP account stored in the database using php mcrypt and a key you can set in the rcmail.module. So even a database administrator is not able to read users password as plain-text. To login the IMAP account, the password will be decrypted using mcrypt and the key in runtime. Paranoia: If an evil hacker gain access of booth, drupals database and your key (wich is stored in the script), the hacker is able to decrypt the passwords.
** no patch for civicrm in drupal 4.7 at this time
contributed by polyformal http://www.polyformal.de/ . If you need fast response or modification for your own needs please contact me at http://www.polyformal.de/contact to open a business track.
Project information
- Module categories: Integrations
- Created by polyformal_sp on , updated
- This project is not covered by the security advisory policy.
Use at your own risk! It may have publicly disclosed vulnerabilities.