On 3/6/07, Damien Moore <damien@xxxxxxxxxxxxxxxxxx> wrote: > > Revered Squirrelmailers > > In a note dated 08/03/05 it is suggested on the following page: > http://www.squirrelmail.org/wiki/SquirrelMailSecurity > that in order to disable the IE "autocomplete" feature the file > squirrel\functions\forms.php should be changed to include: > addInputField('password', $name , $value, ' autocomplete="off"'); > > There is also a password_forget plugin (v.2.1 dated 12/09/2004) the > function of which is to prevent browsers from remembering passwords. > > Do we need to employ both these measures? What is your current > recommendation on this subject? Is there something else we should be doing > instead? It's your choice. The first method tries to tell IE not to even try to remember. This method may be more thorough, although you always run the risk that certain versions don't obey that setting, and it might only work with IE. If someone wants to send a patch that allows the admin (user?) to turn this on and off, I'm sure we'd take a look at it. The 2nd method (the plugin) just *tricks* the browser by renaming the password field every time the login page loads so that even if something was remembered, the field name changes. It cannot hurt to use both methods. > System: Win-2003 Server R-2 & Mercury/32 4.01b & Apache 2.2.4 & PHP 5.2.1 > & Squirrelmail 1.4.9a & Compatibility-1.3. Plugins: 1.message_details > 2.password_forget 3.quicksave 4.squirrel_logger 5.view_as_html > 6.change_pass. > ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV -- squirrelmail-users mailing list Posting Guidelines: http://www.squirrelmail.org/wiki/MailingListPostingGuidelines List Address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
