[imp] Windows XP caches login credentials.

Eric Rostetter eric.rostetter@physics.utexas.edu
Sun, 21 Jul 2002 19:42:54 -0500


Quoting Alexander Skwar <lists.ASkwar@email-server.info>:

> Sorry, I don't quite understand this.  Major sites with *REALLY*
> sensitive data (like internet banking sites) don't turn this option off,

If not, then I would really question the bank's commitment to security.
I would expect that my bank, stock broker, etc. would have turned this
off.  But then, I've seen how bad the security is on many stock broker sites
so I guess I wouldn't be surprised there...

> and also none of the web mailers I know (GMX.net, web.de, ...) do this -
> so why should Horde/IMP do this?

Well, I can point to about 10 security flaws in yahoo.com and hotmail.com that 
don't exist in IMP.  Should we implement these security flaws just because 2
major web mail sites have them?

> If a user isn't aware of the "risk",
> then he needs more training.

I agree with that, but I seriously doubt most of those users will receive
it.  An ISP generally doesn't take the time to educate its clients about
such security issues (autocomplete).  Even in a university environment,
we can only educate those who seek out the education, and many avoid
it...

> Maybe a warning could be added to the
> login page stating why it might be bad to store username/passwords.  But
> other than that, I completely agree with Jon.  This is totally a client
> side issue and IMP should NOT turn it off!

That's a valid opinion.  I take the opposite.

One reason I take the opposite is because almost all IMP sites I know of
are university sites which decided on IMP because of the fact that its
security was better than most, and sometimes specifically to replace other 
existing web mail systems which had less security.
 
> Alexander Skwar

-- 
Eric Rostetter
The Department of Physics
The University of Texas at Austin

"TAD (Technology Attachment Disorder) is an unshakable, impractical devotion
to a brand, platform, product line, or programming language. It's relatively
harmless among the rank and file, but when management is afflicted the damage
can be measured in dollars. It's also contagious -- someone with sufficient
political clout can infect an entire organization."

--"Enterprise Strategies" columnist Tom Yager.