Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

weblogin form username and password autosave

Russ Allbery eagle at windlord.stanford.edu
Thu Jan 10 08:58:21 PST 2013


YANG ChengFu <youngseph at gmail.com> writes:

> yes, I want to prefilling field from cookie, thanks for your suggestion, I
> will take a look at it 1

I will mention that at least Firefox, and I thought most browsers these
days, have built-in support for remembering usernames and passwords on web
sites, and usually do that somewhat more securely than with cookies.  (For
example, Firefox can optionally encrypt the database in a master password,
and I think Safari uses the Mac OS X keychain.)

If your users are using standard browsers, you may want to push them that
way instead for the password part of things.  (We try to discourage our
users from doing that with our WebLogin server, at least unless they
enable a master password or some sort of secondary authentication, but
it's protecting salary information, student grades, private email, and so
forth.  If you're protecting things that aren't as high-value, it might be
a worthwhile tradeoff.)

-- 
Russ Allbery <eagle at windlord.stanford.edu>
Technical Lead, ITS Infrastructure Delivery Group, Stanford University


More information about the webauth-info mailing list