Also for "public" terminals (the bane of web security) the login is always
the same. If I enter my username and password on my Yahoo mail login, the
next time someone goes to check THEIR email on Yahoo, then can focus on the
username box, press the down arrow key and up pops my username. Ditto for
password. But, the fine folks at Yahoo added that little autocomplete="no"
to both fields. Thanks, Yahoo.
NAT
-----Original Message-----
From: Daniel Lancelot [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 07, 2000 2:14 AM
To: [EMAIL PROTECTED]
Subject: RE: <cf_secure>(IE5 password autofillin)
Well, for one thing, an admin user should not leave their machine
unprotected (password protected screensaver after 1 min etc...
- for instance, on most windows/exchange email systems, no password needs to
be entered to use email, after the user has logged in, and so windows needs
protecting iin any cae...
but obviously with sensitive admin passwords etc, thats when you choose not
to save the password, when IE asks you...
>From a development pint of view, Hotmail gets round this problem by making
each login page have a unique url (I think with the query string)...
On Fri, 07 July 2000, "Marc Gadsdon" wrote:
>
> >It is not possible, even if that did happen, for the user to obtain your
> password - they would only be >able to use that particular login on that
> machine...
>
> but the trouble with IE remembering is what happens when the admin user
> leaves their desk, and your app times out their session, throwing up the
> login screen - along comes mister inquisitive who happens to know the
> username (you know how it works in the average office) and hey presto he's
> in...
>
> I think I'd prefer to turn off the auto fill thing?
>
> marc
>
>
>
> -----Original Message-----
> From: Daniel Lancelot [mailto:[EMAIL PROTECTED]]
> Sent: 07 July 2000 00:37
> To: [EMAIL PROTECTED]
> Subject: RE: <cf_secure>(IE5 password autofillin)
>
>
> Just to Clarify things,
>
> When filling in a username/password form for the first time, IE asks
whether
> you wish to save username/password logins for this site...
>
> If you choose not to, IE will not autofillin the password ever for that
> site.
>
> If a password is saved, it is saved for that page, and that page only.
> All passwords are encrypted (same location as mail logins etc are stored),
> and are only available to that windows login - particularly on 2000/NT -
> no-one will be able to login to that site, unless they also login to
windows
> using your username/password.
>
> It is not possible, even if that did happen, for the user to obtain your
> password - they would only be able to use that particular login on that
> machine...
>
> IMHO: IE's password autofillin is a good thing, although it does seem to
be
> slightly random (particularly under NT/2000) as to whether it remembers
your
> password or not...
>
> Dan.
>
> -----Original Message-----
> From: craig girard [mailto:[EMAIL PROTECTED]]
> Sent: 05 July 2000 22:56
> To: [EMAIL PROTECTED]
> Subject: RE: <CF_SECURE>
>
>
> Man, thats totally lame. What a security hole!!!!!
>
> Thanks for the info everyone.
>
> Craig
>
> -----Original Message-----
> From: Dan Haley [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 05, 2000 4:56 PM
> To: '[EMAIL PROTECTED]'
> Subject: RE: <CF_SECURE>
>
>
> In IE5 go to Tools | Internet Options | Content tab -->> Personal
> Information -->> AutoComplete.
>
> You can choose autocomplete for web addresses, forms, and user names and
> passwords. From my experience the autocomplete in forms is based on the
> field name (i.e., all fields named "zipcode", regardless of the site, will
> provide a list of all zipcodes I've ever entered). I don't know if this
> holds true for passwords, or if it is more restrictive based on the URL,
> form name, etc. First thing I'd try though is using a unique field name
in
> each place I was asking for the password.
>
> Dan
>
> -----Original Message-----
> From: craig girard [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 05, 2000 1:33 PM
> To: [EMAIL PROTECTED]
> Subject: RE: <CF_SECURE>
>
>
> I do not believe the MS autocomplete works on an input of type PASSWORD.
I
> use autocomplete in IE and have never had it come up when the input type
is
> PASSWORD.
>
> Craig
>
> -----Original Message-----
> From: David B. Brooks [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 05, 2000 3:30 PM
> To: [EMAIL PROTECTED]
> Subject: RE: <CF_SECURE>
>
>
> As per prompting for password before updating, the user might have MS auto
> complete (or some other form that I don't know of) on in their browser,
thus
> defeating this purpose.
>
> Anyway to turn this feature off?
>
> -David
>
>
----------------------------------------------------------------------------
> --
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in
> the body.
>
>
----------------------------------------------------------------------------
> --
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in
> the body.
>
>
>
> ___________________________________________
> It's amazing what happens when you breathe.
> www.breathe.com
>
----------------------------------------------------------------------------
> --
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in
> the body.
>
>
----------------------------------------------------------------------------
--
> To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
___________________________________________
It's amazing what happens when you breathe.
www.breathe.com
----------------------------------------------------------------------------
--
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
------------------------------------------------------------------------------
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
