Re: how to programmatically prevent passwords being saved?

From: winged (winged_at_nofollow.com)
Date: 11/15/05


Date: 15 Nov 2005 04:28:06 EST

Hairy One Kenobi wrote:
> "CoffeeGood" <fbui2@yahoo.com> wrote in message
> news:1131996390.569642.47720@z14g2000cwz.googlegroups.com...
>
>>Hi folks,
>>
>>I need to find a way either using Javascript, META tags,
>>or some similar solution to prevent people who visit my
>>webpage from having their passwords saved automatically
>>in the browser. The reason is security: the webpage
>>allows access to data that is critical, and if some other
>>person were for instance to steal a laptop that has a
>>saved password on it, that would be a major security issue.
>>
>>So to give an example of what I'm talking about, banks and other
>>secure online systems prevent the automatic saving
>>of passwords. The question is, how do they do that?
>
>
> If you are getting them to connect over an SSL link (and, if the data is
> remotely private - let alone critical - then you are) then the password is
> not saved by default on any platform that I know of.
>
But the user "can" save passwords on at least IE, Firefox, and Netscape
over SSL. This paper you may find useful in solving your issue:

http://crypto.stanford.edu/PwdHash/pwdhash.pdf

Winged



Relevant Pages

  • Re: how to programmatically prevent passwords being saved?
    ... >>I need to find a way either using Javascript, META tags, ... >>webpage from having their passwords saved automatically ... > If you are getting them to connect over an SSL link (and, ...
    (alt.computer.security)
  • Re: JS and security.
    ... >> address hard security issues via JavaScript. ... > One good use for Javascript is the encryption of passwords before they are ... Most users use the same passwords for multiple ...
    (comp.lang.javascript)
  • Re: Protection against showing hidden passwords with javascript
    ... I recently learned of the "exploit" where you can run a javascript ... Please refrain from stating the obvious, "don't save your passwords". ... security too much, but don't want my passwords to disappear. ... To protect against this on the client end, ...
    (comp.security.misc)
  • Re: how to programmatically prevent passwords being saved?
    ... > I need to find a way either using Javascript, META tags, ... > webpage from having their passwords saved automatically ... > secure online systems prevent the automatic saving ... "Ich bin ein freier Mensch und werde jetzt von meinen Freiheitsrechten ...
    (comp.security.misc)
  • RE: Password Quality checker
    ... Because javascript runs in the browser on the client side, ... cannot absolutely rely on it to do input validation -- and under ... whether the passwords they choose meet the organization's ... Windows GPO) ...
    (Security-Basics)