Security Basics mailing list archives
Re: Webmail authentication
From: Michael Boman <michael.boman () securecirt com>
Date: Fri, 20 Dec 2002 02:46:02 +0800
On Wed, Dec 18, 2002 at 12:28:50PM -0800, David Brown wrote:
My company is working on a webmail implementation, which requires that the user authenticate to an NT domain. Regardless of the authentication method, there is always an option in the login dialog to 'Save this password in your password list', which seems to be browser driven. I don't want my user population saving their passwords to various computers all over the world. Does anyone have a clue how to remove or disable this option?
No, you can usually not control the client browser. Put a policy in place instead that forbids people to save it in the browser and gives the managment power to inforce disiplenary actions if they break it (not all security problems can be removed with technology). Best regards Michael Boman -- Michael Boman Security Architect, SecureCiRT (A SBU of Z-Vance Pte Ltd) http://www.securecirt.com
Attachment:
_bin
Description:
Current thread:
- Webmail authentication David Brown (Dec 19)
- Re: Webmail authentication C-Foo (Dec 20)
- Re: Webmail authentication Michael Boman (Dec 20)
- Re: Webmail authentication M. Zeeshan Mustafa (Dec 20)
- Re: Webmail authentication Peter Howard (Dec 20)
- Re: Webmail authentication mike ryan (Dec 20)
- <Possible follow-ups>
- RE: Webmail authentication Christian Freas (Dec 20)
- Re: Webmail authentication Brian Bruns (Dec 20)
- Re: Webmail authentication Brian Bruns (Dec 20)
- RE: Webmail authentication Anthony, Shayla (Dec 20)
- Re: Webmail authentication Nicole Nicholson (Dec 20)
- Re: Webmail authentication wbjw (Dec 20)
- Re: Webmail authentication Chris Berry (Dec 20)
(Thread continues...)