Doesn’t opening showing urls removes an extra layer of security? Especially if I had decided to change the default box. subdomain?
I can’t help feeling it would be better to not show anything here unless a user was logged in?
There’s nothing shown there that isn’t already exposed elsewhere.
See Don't reveal that the box is a Mail-in-a-Box · Issue #440 · mail-in-a-box/mailinabox · GitHub.
I understand it is not difficult to find out this information if you really wanted to, but it appears the general feeling is the same on this thred and GitHub.
I wonder if it might make more sense to just hide all info untill logged in?
If someone wants to submit a pull request to do it, sure.
That would be fantastic! (note that’s exactly what I originally asked when started this thread and no success, even no one guideline about how to achieve it, too)…
I had no other way that custmizing the /root/mailinabox/management/templates/index.html file (1) by hiding those menus links that expose unwanted data to public (not logged-in) visitors. Pehaps you could do something like that meantime a solution arrives knowing @joshdata has accepted this, now:
- note changes to /root/mailinabox/management/templates/ content will be defaulted after each upgrade.