Re: Webmail authentication

["M. Zeeshan Mustafa" <security () zeeshan net>]

Its a browser-option, and yes you have no control over it, however as a
substitute method you replace your mail sign in method with custom html
form, and can take 2 text fields, txtUser and txtPass submit them to
http://<txtUser>:<txtPass>@mail.domain.com/MailApplication/ thru JavaScript
and also set <form autocomplete=off .....> in html form for security.

Good luck,
M. Zeeshan Mustafa
----- Original Message -----
From: "David Brown" <David.Brown () synergex com>
To: "'Security Basics' (E-mail)" <security-basics () securityfocus com>
Sent: Thursday, December 19, 2002 1:28 AM
Subject: Webmail authentication


My company is working on a webmail implementation, which requires that the
user authenticate to an NT domain.  Regardless of the authentication method,
there is always an option in the login dialog to 'Save this password in your
password list', which seems to be browser driven.  I don't want my user
population saving their passwords to various computers all over the world.
Does anyone have a clue how to remove or disable this option?

David M. Brown
Director, IT Services
S Y N E R G E X
<www.synergex.com>
Office: 916 853-0396
Mobile: 916 718-6695
FAX:    916 635-6549