[imp] Windows XP caches login credentials.

Eric Rostetter eric.rostetter at physics.utexas.edu
Mon Feb 17 21:50:44 PST 2003


Quoting "Oliver Schulze L." <oliver at samera.com.py>:

> Hi all,
> sorry about being too late on the subject, but these are my points:
> 
> - Horde should force, (yes force) a security policy on its user.

No, the admin/installer of Horde should do so, not Horde. And the
admin/installer of the browsers should do so.

> - Yahoo Mail and other sensitive sites (like banks) have security as a
>    top priority and they use the autocomplete feature. Hotmail does not use
>    the autocomplete feature but has a radio button to select if you are
>    using a public computer.

Hotmail is a site, not an application.  Horde is an application, not a site.
It is up to the site, not the application, to set the security policy.

> - Horde still can include this option in IMP 3.2 and make more than 50% of
>    its users happy. :-)

Just because 50% of those who replied wanted it as X, doesn't mean that 
after it is changed more than 50% of the new reactions won't be in the
other direction after the change.
 
> I don't want to start another long discussion. But I think this issue is
> crucial, because Horde is meant to be a Public Mail Client (as I see it),

No, it is meant to be a mail client.  Public or private is up to the
installer.

> secure enough at the login page. (Maybe the most sensitive page regarding
> security)

It is really the browser that is not being secure.  Not the web page.
The browser is acting in a non-standard way.

> I posted a 2 line patch for resolving this issue in IMP as an example of
> how easy it is to configure it.

And how wrong you are.  Besides your other mistakes (like saying enabled
when you really mean disabled), you only fix this in IMP login.  What about
gollem?  What about other password fields in horde applications?  The
patch would have to be much more rigorous to be of any real value.
 
> Regards
> Oliver

-- 
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Why get even? Get odd!
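
An added example, not part of the original message or of Horde's code: a Python sketch of the coverage check the reply above calls for, listing every password input in a set of templates that is not covered by `autocomplete="off"`, either on the field or on its enclosing form. The template names and markup are constructed, and it assumes the patch under discussion sets that attribute, which the thread implies but does not show.

```python
from html.parser import HTMLParser

# Constructed templates; the keys are stand-in names, not real Horde file paths.
SAMPLES = {
    "imp_login": '<form autocomplete="off">\n<input type="text" name="user">\n'
                 '<input type="password" name="pass">\n</form>',
    "gollem_login": '<form method="post">\n<input type="password" name="pass">\n</form>',
    "other_app_prefs": '<form method="post">\n'
                       '<input type="password" name="old" autocomplete="off">\n'
                       '<input type="PASSWORD" name="new">\n</form>',
}


def _norm(value):
    """Lower-case an attribute value; valueless attributes become ''."""
    return (value or "").strip().lower()


class PasswordFieldAudit(HTMLParser):
    """Record each password input and whether autocomplete is off for it."""

    def __init__(self):
        super().__init__()
        self.form_stack = []  # autocomplete setting of each enclosing <form>
        self.findings = []    # (line, field name, protected?)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.form_stack.append(_norm(a.get("autocomplete")))
        elif tag == "input" and _norm(a.get("type")) == "password":
            inherited = self.form_stack[-1] if self.form_stack else ""
            # The field's own attribute wins over the enclosing form's.
            effective = _norm(a["autocomplete"]) if "autocomplete" in a else inherited
            self.findings.append((self.getpos()[0], a.get("name") or "?", effective == "off"))

    def handle_endtag(self, tag):
        if tag == "form" and self.form_stack:
            self.form_stack.pop()


def unprotected(templates):
    """Return sorted (template, line, field) for password inputs left cacheable."""
    hits = []
    for path, markup in templates.items():
        parser = PasswordFieldAudit()
        parser.feed(markup)
        parser.close()
        hits += [(path, line, name) for line, name, ok in parser.findings if not ok]
    return sorted(hits)


if __name__ == "__main__":
    for hit in unprotected(SAMPLES):
        print("%s:%d password field %r lacks autocomplete=off" % hit)
```

Current browsers' password managers may ignore `autocomplete="off"` on login fields, so a clean report shows consistent markup rather than a guarantee that nothing is cached.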

