[bugs] [Bug 1016] New - IMP 3.1 allow browser to save login form IMP 2.2.x does not

bugs@bugs.horde.org bugs@bugs.horde.org
Wed, 7 Aug 2002 07:00:40 -0300

Previous message: [bugs] [Bug 1015] Changed - Unable to access Folders
Next message: [bugs] [Bug 1017] New - Norwegian langue keeps falling back to english
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://bugs.horde.org/show_bug.cgi?id=1016

*** shadow/1016	Wed Aug  7 07:00:40 2002
--- shadow/1016.tmp.15831	Wed Aug  7 07:00:40 2002
***************
*** 0 ****
--- 1,39 ----
+ Bug#: 1016
+ Product: Horde
+ Version: other
+ Platform: MSIE 5
+ OS/Version: Linux
+ Status: NEW   
+ Resolution: 
+ Severity: major
+ Priority: P2
+ Component: IMP
+ Area: BUILD
+ AssignedTo: chuck@horde.org                            
+ ReportedBy: kallio@cc.jyu.fi               
+ URL: 
+ Cc: kallio@cc.jyu.fi
+ Summary: IMP 3.1 allow browser to save login form IMP 2.2.x does not
+ 
+ Using horde 2.1.3 + IMP 3.1
+ 
+ For some reason if browser (IE6) is configured to save forms and 
+ passwds IMP 3.1 login page is saving username and passwd 
+ but IMP 2.2.x does not save them.
+ 
+ When people use micro in lab or internet cafe it is a serious security 
+ bug if accounts and passwds are saved in any configuration.
+ 
+ I do not know what is the mechanism to prevent IE to save passwd, some say 
+ the expiration date is the correct way.
+ 
+ IMP 2.2 and 3.1 are sendig different Expires -headers:
+ 
+ $ wget -d http://tammi2.cc.jyu.fi/horde/imp 2>&1 |  grep -i expi
+ Expires: Thu, 19 Nov 1981 08:52:00 GMT
+ Expires: Thu, 19 Nov 1981 08:52:00 GMT
+ Expires: Thu, 19 Nov 1981 08:52:00 GMT
+ $ wget -d http://webmail.cc.jyu.fi/horde/imp 2>&1 |  grep -i expi
+ Expires: -1
+ $
+

Previous message: [bugs] [Bug 1015] Changed - Unable to access Folders
Next message: [bugs] [Bug 1017] New - Norwegian langue keeps falling back to english
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]