[imp] logon already filled out with a username?

Amith Varghese amith at xalan.com
Mon Aug 16 08:40:57 PDT 2004


Quoting Marcus Frischherz <marcus at casaberg.at>:

> Zitat von Amith Varghese <amith at xalan.com>:
>
>
>> I have a Horde website https://mail.xalan.com.  Lets say one of my users
>> logs
>> in as "foo" to my website from the cyber cafe in Tallinn.  They login and
>> check their e-mail and then logout.
>>
>> At this point no one has ever been to your Horde website, but they have been
>> to *mine*
>>
>> Now you walk up to the same terminal.  This terminal is running IE and has
>> been configured to save form values.  You goto the login screen of your
>> Horde
>> site.  You now see "foo" in the username.
>>
> ok.. I'll admit that this is possible. However, it is not very 
> likely. Whenever
> I see the username auto-filled (and the same was reported to me by 
> others of my
> users) it is the same, it happens to be "roman". So in your scenario, every
> unlikely place I go to a cyber cafe, someone has used that terminal and
> accessed another horde/imp installation and used the username "roman". Well,
> not really convincing.
>
> Can we have a definitive answer from a horde/imp developer whether 
> the username
> is ever filled out?

Well I can't speak to how common the username roman is.  I've looked at the
login code a bunch and I've never seen anything there about auto-fill in.  If
there was, there would be an option to turn it off (and there isn't).  Next
time you see this you should check IE to see whether it is set to "remember"
form values.

Amith

>
> Marcus
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
>
> !DSPAM:4120cfc1112842020213523!





More information about the imp mailing list