[imp] Windows XP caches login credentials.

Oliver Schulze L. oliver at samera.com.py
Tue Feb 18 13:22:27 PST 2003 

To make it short:
- I (personally) think that adding the option to configure the autocomplete
   feature will help all Horde/IMP users.
- I respect that Horde.org don't want to add it. I'm ok with that. I justed
   wanted to post to the list my points. Sorry about my language in my 
previous
   post, I didn't wanted to be rude. So, again, I apologize myself to 
all the
   affected parties.


Oliver

Eric Rostetter wrote:

>Quoting "Oliver Schulze L." <oliver at samera.com.py>:
>
>  
>
>>Hi all,
>>sorry about being too late on the subject, but these are my points:
>>
>>- Horde should force, (yes force) a security policy on its user.
>>    
>>
>
>No, the admin/installer of Horde should do so, not Horde. And the
>admin/installer of the browsers who should do so.
>
>  
>
>>- Yahoo Mail and Other sensitive sites(like Banks) have the security as a
>>   top priority and they use the autocomplete feature. Hotmail does not use
>>   the autocomplete feature but has an radio button to select if you are
>>using
>>   a public computer.
>>    
>>
>
>Hotmail is a site, not an application.  Horde is an application, not a site.
>It is up to the site, not the application, to set the security policy.
>
>  
>
>>- Horde still can include this option in IMP 3.2 and make more than 50% of
>>   its users happy. :-)
>>    
>>
>
>Just because 50% of those who replied wanted it as X, doesn't mean that 
>after it is changed more than 50% of the new reactions won't be in the
>other direction after the change.
> 
>  
>
>>I don't want to start another long discusion. But I think this issue is
>>crucial,
>>beacuse Horde is meant to be a Public Mail Client(as I see it),
>>    
>>
>
>No, it is meant to be a mail client.  Public or private is up to the
>installer.
>
>  
>
>>secure enough at the login page.(Maybe the most sensitive page regarding
>>security)
>>    
>>
>
>It is really the browser that is not being secure.  Not the web page.
>The browser is acting in a non-standard way.
>
>  
>
>>I posted a 2 line patch for resolving this issue in IMP as an example on
>>how easy
>>it is to configure it.
>>    
>>
>
>And how wrong you are.  Besides your other mistakes (like saying enabled
>when you really mean disabled), you only fix this in IMP login.  What about
>gollem?  What about other password fields in horde applications?  The
>patch would have to be much more rigerous to be of any real value.
> 
>  
>
>>Regards
>>Oliver
>>    
>>
>
>  
>

-- 
Oliver Schulze L.
<oliver at samera.com.py>

More information about the imp mailing list