[imp] Autocomplete option in $conf[]
Eric Rostetter
eric.rostetter at physics.utexas.edu
Mon Feb 17 20:44:41 PST 2003
Quoting "Oliver Schulze L." <oliver at samera.com.py>:
> Hi,
> I'm writting about the 'autocomplete=off' parameter that can be inside
> a <form> tag.
Been discussed before, and added to the FAQ.
> I know that using autocomplete is not xhtml compliant, but since many
> modern internet browser have the availability to save users's passwords
> in public computers, I think this issue must be configurable in the file
> /imp/config/conf.php following a big warning that enabling it will
> result is
> a non xhtml compliant page.
So that Horde/IMP won't save their password, but every other web site
the go to will??? If this is a public computer, then the option should
be disabled in the browser, so it won't work with any page. Trying to
change pages/sites one-by-one won't give any real security. Disabling
it in the browser will.
> I think that in the case of public computers, this is a security issue
> when the public
> computer is not configured properly.
But it only fixes one hole out of thousands, and is hardly worth worrying
about. If you run a public facility, make sure it is configured correctly.
> What do you think about it?
Well, from a Horde point of view, I'm fairly neutral. Don't really care much.
But from a security point of view, this misses the boat totally. It is
completely the wrong way to tackle a security issue...
> Oliver
--
Eric Rostetter
The Department of Physics
The University of Texas at Austin
Why get even? Get odd!
More information about the imp
mailing list