[imp] Autocomplete option in $conf[]
Oliver Schulze L.
oliver at samera.com.py
Wed Feb 19 16:03:21 PST 2003
Eric Rostetter wrote:
>Quoting "Oliver Schulze L." <oliver at samera.com.py>:
>
>
>
>>Hi,
>>I'm writing about the 'autocomplete=off' parameter that can be inside
>>a <form> tag.
>>
>>
>
>Been discussed before, and added to the FAQ.
>
>
>
>>I know that using autocomplete is not xhtml compliant, but since many
>>modern internet browsers have the ability to save users' passwords
>>on public computers, I think this issue must be configurable in the file
>>/imp/config/conf.php following a big warning that enabling it will
>>result in a non xhtml compliant page.
>>
>>
>
>So that Horde/IMP won't save their password, but every other web site
>they go to will??? If this is a public computer, then the option should
>be disabled in the browser, so it won't work with any page. Trying to
>change pages/sites one-by-one won't give any real security. Disabling
>it in the browser will.
>
>
>
>>I think that in the case of public computers, this is a security issue
>>when the public computer is not configured properly.
>>
>>
>
>But it only fixes one hole out of thousands, and is hardly worth worrying
>about. If you run a public facility, make sure it is configured correctly.
>
>
>
>>What do you think about it?
>>
>>
Hi Eric,
>Well, from a Horde point of view, I'm fairly neutral. Don't really care much.
>But from a security point of view, this misses the boat totally. It is
>completely the wrong way to tackle a security issue...
>
I'm abandoning my pursuit of having this option enabled. I didn't know it
was a sensitive issue.
My policy is that when I find a sensitive issue in an OSS project, then
I let the project's owners decide and I stop asking for that sensitive issue.
The same happened to me when I was doing a little patch for Mozilla to
have Ctrl+Enter in the URL bar like IE. When I realized that it was a
really *big* sensitive issue, I stopped asking for my patch to be
accepted (and started using my own patch).
I don't want people to start taking sides about this issue, so I say:
"Peace, and let it be the way it is"
I don't want to be the one responsible for starting the fire :-)
Regards
Oliver
--
Oliver Schulze L.
<oliver at samera.com.py>