[imp] Windows XP caches login credentials.

Eric Rostetter eric.rostetter@physics.utexas.edu
Sun, 21 Jul 2002 15:18:49 -0500


Quoting Jon Parise <jon@horde.org>:

> > That should definitely be the default.   Autocomplete is very bad.  Many
> > PCs are not single-user and autocompletion could be a nasty surprise to
> > some people.  
> 
> I disagree on the grounds that this is a client-side issue.  If the
> behavior was not configurable then I could see an argument for us
> doing something to help the situation, but this is trivial to disable
> in the browser.  Users should handle this one on their own.

Yes, but you will find a lot of people who will say that their users
(the average user, some users, etc.) don't know enough about the dangers
of this, much less how to configure it.  So we need to look out for them
due to their ignorance/laziness/etc.  Note this could also apply to
administrative types as well as users...  Note: I didn't make any such
statement (though I may have thought it), I simply said a lot of people
would make such statements... ;)

My experience is that we have a very large group of users who always use
the defaults, and never even look at preferences/options, much less try
to change (or even understand the implications) of them.  So, if browsers
default to auto-complete on, with or without warning/confirmation, then
this is an issue for the security of these users...

> Besides, some users may want to use this feature.  We have no place in
> dictating its use.

That's why there are so many comments about making it an option of some
sort...

> > Possibly configurable per imp installation, but with a warning.
> 
> I think this would add unnecessary configuration overhead.

Always a tradeoff between security and overhead.  Pretty much all
security is overhead.

> -- 
> Jon Parise (jon@horde.org) :: The Horde Project (http://horde.org/)

-- 
Eric Rostetter
The Department of Physics
The University of Texas at Austin

"TAD (Technology Attachment Disorder) is an unshakable, impractical devotion
to a brand, platform, product line, or programming language. It's relatively
harmless among the rank and file, but when management is afflicted the damage
can be measured in dollars. It's also contagious -- someone with sufficient
political clout can infect an entire organization."

--"Enterprise Strategies" columnist Tom Yager.