Re: Webmail authentication

["mike ryan" <mike () bitdamaged com>]

Depends on the type of authentication however if it's a web form you can use
some sort of randomization in the form name fields

<input type="password" name="pass5687784493">

The password caching mechanisms are based on the name of the field on the
page so changing out the name of the form field dynamically should work
though it may take a bit more code on the other side.

- mike

----- Original Message -----
From: "David Brown" <David.Brown () synergex com>
To: "'Security Basics' (E-mail)" <security-basics () securityfocus com>
Sent: Wednesday, December 18, 2002 12:28 PM
Subject: Webmail authentication


My company is working on a webmail implementation, which requires that the
user authenticate to an NT domain.  Regardless of the authentication method,
there is always an option in the login dialog to 'Save this password in your
password list', which seems to be browser driven.  I don't want my user
population saving their passwords to various computers all over the world.
Does anyone have a clue how to remove or disable this option?

David M. Brown
Director, IT Services
S Y N E R G E X
<www.synergex.com>
Office: 916 853-0396
Mobile: 916 718-6695
FAX:    916 635-6549