Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

weblogin form username and password autosave

YANG ChengFu youngseph at gmail.com
Thu Jan 10 11:05:54 PST 2013


Hello Tom,

thanks a lot, it works !

--
Yang
Orange Key: 35745318S1


On Thu, Jan 10, 2013 at 11:51 AM, Tom Jones <tom.jones at it.ox.ac.uk> wrote:

> > > YANG ChengFu <youngseph at gmail.com> writes:
> > >
> > > > as I know webauth does not allow web browser to save username and
> > > > password in weblogin form, I guess it is for security reason, but
> people
> > > > in our company complain a lot, so I am wondering if it is possible to
> > > > enable it to save username or username/password?
>
> > On Wed, Jan 9, 2013 at 8:26 PM, Russ Allbery <
> eagle at windlord.stanford.edu>wrote:
> >
> > > I'm not sure what you mean by saving.  Do you mean the browser support
> for
> > > saving frequently-used form data, prefilling the fields from a cookie,
> or
> > > something else?
> [...]
>
> * YANG ChengFu <youngseph at gmail.com> [2013-01-10 10:27 -0500]:
> >
> > yes, I want to prefilling field from cookie, thanks for your suggestion,
> I
> > will take a look at it 1
>
> Before you pursue the cookie route, I'll just expand on something else Russ
> mentioned, which is "browser support for saving [...] form data", as this
> was definitely how I interpreted your initial question.  The login form in
> login.tmpl (the *.tmpl files are the ones that are designed to be routinely
> customisable by most sites) has:
>
>     autocomplete="OFF"
>
> Although it's not quite true to say that this doesn't allow the browser to
> save the username and password, most browsers will obey this hint and
> decline to offer their usual form filling and password remembering
> functionality for this form.
>
> Removing the autocomplete="OFF" attribute isn't necessarily a bad idea in
> all cases, but should be done with an understanding of how it can affect
> relevant risks, which in turn depend on many aspects of client
> configuration
> and user behaviour, and will vary from organisation to organisation.
>
> --
> Tom Jones
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/webauth-info/attachments/20130110/3bfc7995/attachment-0001.html>


More information about the webauth-info mailing list