Security Basics mailing list archives
Re: Webmail authentication
From: Brian Bruns <bruns () 2mbit com>
Date: Fri, 20 Dec 2002 12:37:11 -0500
At 01:08 PM 12/19/02 -0500, Brian Bruns wrote:
Have the login actually occour on the page and not via the popup would be the easiest. IIRC, Squirrel mail had come up with a method to prevent password saving by changing the username and password box on the login screen to different name values. I'll look it up though and post a follow up...
Ok, as promised, ------ http://www.squirrelmail.org/plugin_view.php?id=12 Changes the name of the input form field on the login screen so that newer browsers have an almost impossible time trying to remember your name and password. Use this if you want the extra security or if the majority of your users use public terminals. ------ I've used this tactic before, and its worked quite well to discourage people from saving passwords. In fact, I used to get nasty calls from users at times about this :) You can download the plugin and look at the code and get an idea of what it does. Should be easily enough to implement in NT's ASP or whatever you use. Brian -------------------------------- Brian Bruns Founder, The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.2mbit.com ICQ: 8077511 No spam tolerated. By sending an e-mail to this account, your server may be subjected to an open relay/open proxy test as part of our ongoing efforts to reduce spam.
Current thread:
- Webmail authentication David Brown (Dec 19)
- Re: Webmail authentication C-Foo (Dec 20)
- Re: Webmail authentication Michael Boman (Dec 20)
- Re: Webmail authentication M. Zeeshan Mustafa (Dec 20)
- Re: Webmail authentication Peter Howard (Dec 20)
- Re: Webmail authentication mike ryan (Dec 20)
- <Possible follow-ups>
- RE: Webmail authentication Christian Freas (Dec 20)
- Re: Webmail authentication Brian Bruns (Dec 20)
- Re: Webmail authentication Brian Bruns (Dec 20)
- RE: Webmail authentication Anthony, Shayla (Dec 20)
- Re: Webmail authentication Nicole Nicholson (Dec 20)
- Re: Webmail authentication wbjw (Dec 20)
- Re: Webmail authentication Chris Berry (Dec 20)
- RE: Webmail authentication Paul Carroll (Dec 20)
- RE: Webmail authentication Marc Suttle (Dec 20)
- Re: Webmail authentication riscorp (Dec 20)
- Re: Webmail authentication Chris Berry (Dec 20)