>It is not possible, even if that did happen, for the user to obtain your
password - they would only be >able to use that particular login on that
machine...
but the trouble with IE remembering is what happens when the admin user
leaves their desk, and your app times out their session, throwing up the
login screen - along comes mister inquisitive who happens to know the
username (you know how it works in the average office) and hey presto he's
in...
I think I'd prefer to turn off the auto fill thing?
marc
-----Original Message-----
From: Daniel Lancelot [mailto:[EMAIL PROTECTED]]
Sent: 07 July 2000 00:37
To: [EMAIL PROTECTED]
Subject: RE: <cf_secure>(IE5 password autofillin)
Just to Clarify things,
When filling in a username/password form for the first time, IE asks whether
you wish to save username/password logins for this site...
If you choose not to, IE will not autofillin the password ever for that
site.
If a password is saved, it is saved for that page, and that page only.
All passwords are encrypted (same location as mail logins etc are stored),
and are only available to that windows login - particularly on 2000/NT -
no-one will be able to login to that site, unless they also login to windows
using your username/password.
It is not possible, even if that did happen, for the user to obtain your
password - they would only be able to use that particular login on that
machine...
IMHO: IE's password autofillin is a good thing, although it does seem to be
slightly random (particularly under NT/2000) as to whether it remembers your
password or not...
Dan.
-----Original Message-----
From: craig girard [mailto:[EMAIL PROTECTED]]
Sent: 05 July 2000 22:56
To: [EMAIL PROTECTED]
Subject: RE: <CF_SECURE>
Man, thats totally lame. What a security hole!!!!!
Thanks for the info everyone.
Craig
-----Original Message-----
From: Dan Haley [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 05, 2000 4:56 PM
To: '[EMAIL PROTECTED]'
Subject: RE: <CF_SECURE>
In IE5 go to Tools | Internet Options | Content tab -->> Personal
Information -->> AutoComplete.
You can choose autocomplete for web addresses, forms, and user names and
passwords. From my experience the autocomplete in forms is based on the
field name (i.e., all fields named "zipcode", regardless of the site, will
provide a list of all zipcodes I've ever entered). I don't know if this
holds true for passwords, or if it is more restrictive based on the URL,
form name, etc. First thing I'd try though is using a unique field name in
each place I was asking for the password.
Dan
-----Original Message-----
From: craig girard [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 05, 2000 1:33 PM
To: [EMAIL PROTECTED]
Subject: RE: <CF_SECURE>
I do not believe the MS autocomplete works on an input of type PASSWORD. I
use autocomplete in IE and have never had it come up when the input type is
PASSWORD.
Craig
-----Original Message-----
From: David B. Brooks [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 05, 2000 3:30 PM
To: [EMAIL PROTECTED]
Subject: RE: <CF_SECURE>
As per prompting for password before updating, the user might have MS auto
complete (or some other form that I don't know of) on in their browser, thus
defeating this purpose.
Anyway to turn this feature off?
-David
----------------------------------------------------------------------------
--
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
----------------------------------------------------------------------------
--
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
___________________________________________
It's amazing what happens when you breathe.
www.breathe.com
----------------------------------------------------------------------------
--
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
------------------------------------------------------------------------------
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
