[bugs] [Bug 1016] New - IMP 3.1 allow browser to save login form IMP 2.2.x does not
bugs@bugs.horde.org
bugs@bugs.horde.org
Wed, 7 Aug 2002 07:00:40 -0300
http://bugs.horde.org/show_bug.cgi?id=1016
*** shadow/1016 Wed Aug 7 07:00:40 2002
--- shadow/1016.tmp.15831 Wed Aug 7 07:00:40 2002
***************
*** 0 ****
--- 1,39 ----
+ Bug#: 1016
+ Product: Horde
+ Version: other
+ Platform: MSIE 5
+ OS/Version: Linux
+ Status: NEW
+ Resolution:
+ Severity: major
+ Priority: P2
+ Component: IMP
+ Area: BUILD
+ AssignedTo: chuck@horde.org
+ ReportedBy: kallio@cc.jyu.fi
+ URL:
+ Cc: kallio@cc.jyu.fi
+ Summary: IMP 3.1 allow browser to save login form IMP 2.2.x does not
+
+ Using horde 2.1.3 + IMP 3.1
+
+ For some reason if browser (IE6) is configured to save forms and
+ passwds IMP 3.1 login page is saving username and passwd
+ but IMP 2.2.x does not save them.
+
+ When people use micro in lab or internet cafe it is a serious security
+ bug if accounts and passwds are saved in any configuration.
+
+ I do not know what is the mechanism to prevent IE to save passwd, some say
+ the expiration date is the correct way.
+
+ IMP 2.2 and 3.1 are sendig different Expires -headers:
+
+ $ wget -d http://tammi2.cc.jyu.fi/horde/imp 2>&1 | grep -i expi
+ Expires: Thu, 19 Nov 1981 08:52:00 GMT
+ Expires: Thu, 19 Nov 1981 08:52:00 GMT
+ Expires: Thu, 19 Nov 1981 08:52:00 GMT
+ $ wget -d http://webmail.cc.jyu.fi/horde/imp 2>&1 | grep -i expi
+ Expires: -1
+ $
+
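Review bot: the two wget runs at the end of the description do not say which host runs IMP 2.2.x and which runs IMP 3.1, so the differing Expires values (the 1981 date from tammi2.cc.jyu.fi, -1 from webmail.cc.jyu.fi) cannot be tied to a version. Label each command with the IMP version it hits. The Platform field also reads "MSIE 5" while the description names IE6, so one of the two should be corrected to match the browser the behaviour was actually observed in.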