|
Posted by CoffeeGood on November 14, 2005, 11:26 am
If you were Registered and logged in, you could reply and use other advanced thread options
Hi folks,
I need to find a way either using Javascript, META tags,
or some similar solution to prevent people who visit my
webpage from having their passwords saved automatically
in the browser. The reason is security: the webpage
allows access to data that is critical, and if some other
person were for instance to steal a laptop that has a
saved password on it, that would be a major security issue.
So to give an example of what I'm talking about, banks and other
secure online systems prevent the automatic saving
of passwords. The question is, how do they do that?
Thanks.
|
|
Posted by Alun Jones on November 14, 2005, 12:05 pm
If you were Registered and logged in, you could reply and use other advanced thread options
CoffeeGood wrote:
> I need to find a way either using Javascript, META tags,
> or some similar solution to prevent people who visit my
> webpage from having their passwords saved automatically
> in the browser. The reason is security: the webpage
> allows access to data that is critical, and if some other
> person were for instance to steal a laptop that has a
> saved password on it, that would be a major security issue.
There is no way that the server can make the client do anything that the
client does not wish to do.
Imagine if you'd asked "How can I prevent people from writing down numbers
that I read to them over the phone?", or something that more accurately
represents your situation - you can ask, beg, plead, or command, but nothing
you can do will guarantee to make it happen.
> So to give an example of what I'm talking about, banks and other
> secure online systems prevent the automatic saving
> of passwords. The question is, how do they do that?
I'd say the safest bet is to visit one or two such sites, and see what they
do.
For instance, among the various things my bank does, they include <input ...
autocomplete="off"> to turn off autocomplete.
I'll make a guess that there are likely to be several things to do here, and
it's only a guess, because I'm not an HTML expert.
But once again, any of these measures are only _requests_ to the client.
They may very well be ignored, and should not be treated as "security".
They are hints.
Alun.
~~~~
[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Find us at http://www.wftpd.com or email
23921 57th Ave SE | alun@wftpd.com.
Washington WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.
|
|
Posted by Jim on November 14, 2005, 8:25 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> Hi folks,
>
> I need to find a way either using Javascript, META tags,
> or some similar solution to prevent people who visit my
> webpage from having their passwords saved automatically
> in the browser. The reason is security: the webpage
> allows access to data that is critical, and if some other
> person were for instance to steal a laptop that has a
> saved password on it, that would be a major security issue.
>
> So to give an example of what I'm talking about, banks and other
> secure online systems prevent the automatic saving
> of passwords. The question is, how do they do that?
Don't use apache/server authentication, but use..
autocomplete="off"
|
|
Posted by Martin on November 14, 2005, 10:33 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> Hi folks,
>
> I need to find a way either using Javascript, META tags,
> or some similar solution to prevent people who visit my
> webpage from having their passwords saved automatically
> in the browser. The reason is security: the webpage
> allows access to data that is critical, and if some other
> person were for instance to steal a laptop that has a
> saved password on it, that would be a major security issue.
Have you considered using something like a token if it's that critical?
|
|
Posted by Hairy One Kenobi on November 15, 2005, 8:32 am
If you were Registered and logged in, you could reply and use other advanced thread options > Hi folks,
>
> I need to find a way either using Javascript, META tags,
> or some similar solution to prevent people who visit my
> webpage from having their passwords saved automatically
> in the browser. The reason is security: the webpage
> allows access to data that is critical, and if some other
> person were for instance to steal a laptop that has a
> saved password on it, that would be a major security issue.
>
> So to give an example of what I'm talking about, banks and other
> secure online systems prevent the automatic saving
> of passwords. The question is, how do they do that?
If you are getting them to connect over an SSL link (and, if the data is
remotely private - let alone critical - then you are) then the password is
not saved by default on any platform that I know of.
--
Hairy One Kenobi
Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!
|
| Similar Threads | Posted | | Prevent\Detect Dual Homing | August 27, 2006, 2:40 am |
| How to prevent my information from being accessed by webpages | February 21, 2008, 3:07 am |
| Encrypt a file to prevent unwanted viewers? | July 18, 2007, 12:12 pm |
| Prevent ID Theft and Surf Anonymously with Covert Surfer | August 12, 2008, 9:30 am |
| Prevent ID Theft and Surf Anonymously with Covert Surfer | August 12, 2008, 9:31 am |
| Prevent ID Theft and Surf Anonymously with Covert Surfer | August 12, 2008, 9:31 am |
| Prevent ID Theft and Surf Anonymously with Covert Surfer | August 12, 2008, 9:31 am |
| passwords | October 19, 2007, 11:42 am |
| Hashes and Passwords | May 21, 2006, 5:36 am |
| Win passwords - transmission to server | November 27, 2005, 1:36 am |
|
XML site map