Yes, it is true.
Internet Explorer stores username and password values passed through
the Basic Auth dialog as well as anything entered into text fields or
text boxes. Netscape 6 also incorporates these same "features."
I am not certain *where* these values are stored or how they are
stored. I would like to know ...
It should be noted that the user has an opportunity to prevent the web
browser from storing these values, but it has been my experience that
most people find it convenient to have the browser remember
usernames/passwords.
Although users should certainly be educated as to the dangers of
allowing a dumb web browser to remember passwords to Ameritrade
accounts and on-line banks, I think the real problem is that too many
sites require registration with usernames/passwords.
Until personal digital ids and retinal scanners are at all
workstations, I think username/passwords security on the web will
always have user-introduced holes :-).
Jeff Sheffield once wrote:
> > I noticed that the MS Explorer remembers both username and corresponding
> > password, making the cookie based authentication system useless.
> > (closing and reopening all windows does not help)
> pure evil..!! (IMHO)
> I don't use exploder very often...
> is this really true..??
>
>
> On Wed, Jan 10, 2001 at 11:08:37PM +0100, [EMAIL PROTECTED] wrote:
> >
> >
> > Hi
> >
> > I am using a cookie based authentication scheme.
> > Cookie expires therefore login again. ( like the ticket master example in
> > O'reilly's.)
> >
> >
> >
> >
> > I noticed that the MS Explorer remembers both username and corresponding
> > password, making the cookie based authentication system useless.
> > (closing and reopening all windows does not help)
> >
> > So using the default browser preferences is no good. Does anybody know
> > which browser preference is involved here.
> >
> > Arnold
> >
> >
> >
> Thanks,
> Jeff
>
> --------------------------------------------------------------------
> | If you go to the zoo, always take somethin' to feed the animals |
> | even if the signs say "Do not Feed Animals." It wasn't the |
> | animals that put them signs up. |
> | -- Forrest Gump |
> | -- Winston Groom |
> --------------------------------------------------------------------
> | Jeff Sheffield |
> | [EMAIL PROTECTED] |
> | AIM=JeffShef |
> --------------------------------------------------------------------
--
Brett Paden
President, TriMeros, Inc.
http://www.trimeros.com
[EMAIL PROTECTED]
