PHWinfo - Afficher un message - Website Security - Preventing Users storing their login details intheir browser...

18/02/2008, 14h14

Danish wrote:
> On Feb 14, 8:01 pm, WindsorFox <darkshado...@gmail.com> wrote:
>> Danish wrote:
>>> Hi,
>>> I'm creating a web based database. The users of the database will
>>> complete a login form with User Name and Password.
>>> Many browsers offer the user the option of storing their login
>>> details. For example: IE asks if you want to store the login details
>>> when you click the submit button.
>>> I need to know if there anything I can do when I create the login page
>>> (which will be generated by a Perl program) which will either prevent
>>> the browser from offering this option or prevent the user from
>>> accepting it.
>>> Any ideas welcome!
>>> Nigel
>> A site that did that to me I would never use again, but regardless,
>> there are ways around it anyway.
>>
>> --
>> "Yah know I hate it when forces gather in ma' fringe..." - Sheogorath
>>
>> "Daytime television sucked 20 years ago,
>> and it still sucks today!" - Marc Bissonette- Hide quoted text -
>>
>> - Show quoted text -
>
> Hi all,
>
> Thanks for the various advice. I should have made clear that the site
> I'm creating is for use only by a company's employees (so they don't
> have the choice about whether to use it or not), that they may be
> accessing the data from 'public' computers and that the data stored is
> of a sensitive nature so security is of high importance.
>
> I take the point about autocomplete making it easier for visitors to
> use complex passwords. I already have in mind to expire passwords
> after a set period and to enforce a mix of alphabetic and numeric
> characters and a minimum length.
>
> Thanks again,
>
> Nigel
>
>
>

But that won't stop browsers from storing passwords on those public
computers. All it will do is keep the user from reusing the passwords.
The password can still be on the computer - and readable by an
administrator.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

18/02/2008, 14h14	#9
Jerry Stuckle Messages: n/a Hébergeur:	Re: Website Security - Preventing Users storing their login detailsin their browser... Danish wrote: > On Feb 14, 8:01 pm, WindsorFox <darkshado...@gmail.com> wrote: >> Danish wrote: >>> Hi, >>> I'm creating a web based database. The users of the database will >>> complete a login form with User Name and Password. >>> Many browsers offer the user the option of storing their login >>> details. For example: IE asks if you want to store the login details >>> when you click the submit button. >>> I need to know if there anything I can do when I create the login page >>> (which will be generated by a Perl program) which will either prevent >>> the browser from offering this option or prevent the user from >>> accepting it. >>> Any ideas welcome! >>> Nigel >> A site that did that to me I would never use again, but regardless, >> there are ways around it anyway. >> >> -- >> "Yah know I hate it when forces gather in ma' fringe..." - Sheogorath >> >> "Daytime television sucked 20 years ago, >> and it still sucks today!" - Marc Bissonette- Hide quoted text - >> >> - Show quoted text - > > Hi all, > > Thanks for the various advice. I should have made clear that the site > I'm creating is for use only by a company's employees (so they don't > have the choice about whether to use it or not), that they may be > accessing the data from 'public' computers and that the data stored is > of a sensitive nature so security is of high importance. > > I take the point about autocomplete making it easier for visitors to > use complex passwords. I already have in mind to expire passwords > after a set period and to enforce a mix of alphabetic and numeric > characters and a minimum length. > > Thanks again, > > Nigel > > > But that won't stop browsers from storing passwords on those public computers. All it will do is keep the user from reusing the passwords. The password can still be on the computer - and readable by an administrator. -- ================== Remove the "x" from my email address Jerry Stuckle JDS Computer Training Corp. jstucklex@attglobal.net ==================