[imp] Autocomplete option in $conf[]

Andrew Morgan morgan at orst.edu
Mon Feb 17 23:49:27 PST 2003



On Mon, 17 Feb 2003, Eric Rostetter wrote:

> Quoting "Oliver Schulze L." <oliver at samera.com.py>:
>
> > I know that using autocomplete is not xhtml compliant, but since many
> > modern internet browser have the availability to save users's passwords
> > in public computers, I think this issue must be configurable in the file
> > /imp/config/conf.php following a big warning that enabling it will
> > result is
> > a non xhtml compliant page.
>
> So that Horde/IMP won't save their password, but every other web site
> the go to will???  If this is a public computer, then the option should
> be disabled in the browser, so it won't work with any page.  Trying to
> change pages/sites one-by-one won't give any real security.  Disabling
> it in the browser will.

I've been avoiding this thread for a while now, but let me chime in with
my "vote" on the subject.

I won't disagree that the real problem is the client browser's security,
but I can control that somewhat with a setting on my webmail server.  I
run a webmail server that may be accessed from anywhere in the world, from
machines I have zero control over.

Now, the usernames and passwords used on my webmail server are also used
by other services on campus, such as charging for printing, registration,
etc...  So I'm very worried about someone accidently (or purposely!)
exposing their username and password.

I'm not arguing that it should be the default, but I want the *option* of
turning off autocomplete.

Thanks for listening...  :)

	Andy



More information about the imp mailing list