Security Basics mailing list archives

Re: Webmail authentication


From: Brian Bruns <bruns () 2mbit com>
Date: Fri, 20 Dec 2002 12:37:11 -0500

At 01:08 PM 12/19/02 -0500, Brian Bruns wrote:

Having the login actually occur on the page and not via the popup would be
the easiest.  IIRC, SquirrelMail had come up with a method to prevent
password saving by changing the username and password box on the login
screen to different name values.

I'll look it up though and post a follow up...


Ok, as promised,

------
http://www.squirrelmail.org/plugin_view.php?id=12

Changes the name of the input form field on the login screen so that newer
browsers have an almost impossible time trying to remember your name and
password. Use this if you want the extra security or if the majority of
your users use public terminals. 
------


I've used this tactic before, and it's worked quite well to discourage
people from saving passwords.  In fact, I used to get nasty calls from
users at times about this :)

You can download the plugin and look at the code and get an idea of what it
does.  Should be easy enough to implement in NT's ASP or whatever you use.


Brian


--------------------------------
Brian Bruns
Founder, The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.2mbit.com
ICQ: 8077511

No spam tolerated.  By sending an e-mail to this account, your
server may be subjected to an open relay/open proxy test as part
of our ongoing efforts to reduce spam.
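
Added example (not part of the original post, and not the SquirrelMail plugin's code): one way to implement the field-renaming idea described above, with fresh input names on every page load and the server mapping them back on submit. The session dict, the function names and the "u_"/"p_" prefixes are assumptions made for illustration.

```python
import secrets
from html import escape


def new_login_form(session: dict, action: str = "/login") -> str:
    """Render a login form whose input names are random for this page load.

    `session` stands in for the application's server-side session store
    (an assumption for this sketch); the generated names are kept there so
    the POST handler can find the submitted values again.
    """
    names = {
        "username": "u_" + secrets.token_hex(8),
        "password": "p_" + secrets.token_hex(8),
    }
    session["login_fields"] = names
    return (
        f'<form method="post" action="{escape(action)}">\n'
        f'  <input type="text" name="{names["username"]}">\n'
        f'  <input type="password" name="{names["password"]}">\n'
        '  <input type="submit" value="Login">\n'
        "</form>"
    )


def read_login_post(session: dict, form: dict):
    """Return (username, password) from a submitted form, or None.

    The stored names are removed on first use, so a replayed POST or one
    that uses fixed names such as "username"/"password" is rejected and
    the user is sent back to a freshly generated form.
    """
    names = session.pop("login_fields", None)
    if names is None:
        return None
    user = form.get(names["username"])
    password = form.get(names["password"])
    if user is None or password is None:
        return None
    return user, password


if __name__ == "__main__":
    sess = {}                                   # constructed sample session
    print(new_login_form(sess))
    fields = dict(sess["login_fields"])
    post = {fields["username"]: "alice", fields["password"]: "example-pw"}
    print(read_login_post(sess, post))
```

Field names are only one thing a browser can key on; a browser that recognises login forms by the type="password" input can still offer to save the credentials.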

