[Mailman-Users] Firefox password issue (was Re: Hijacking threads and netiquette)
Dragon
dragon at crimson-dragon.com
Tue Sep 5 19:25:37 CEST 2006
David Dyer-Bennet sent the message below at 09:55 9/5/2006:
>Why doesn't Firefox (or other browsers, I think I've seen the same
>behavior in Opera) offer me the chance to remember the Administrative
>password for my site?
---------------- End original message. ---------------------
It is very simple. It is because these browsers that do this sort of
thing are looking for an HTML input field named "password" (and maybe
a few other similar names). If they do not find one with the name
they expect, they do not save the password.
The field on the login page is named "adminpw" and is thus not
recognized. What these browsers SHOULD be looking for is the TYPE of
the input and not the name. But then again, I think this feature of
some browsers is a security breach waiting to happen.
If you look at the source for the login page you will see something like this:
<INPUT TYPE="password" NAME="adminpw" SIZE="30">
You could modify your copy of mailman to change the name of that
field if you wanted, I am not sure exactly how much of a change it
would be and exactly which files are involved but I can't imagine it
would take more than a handful of lines. However, I personally see
nothing wrong with the way it is done now, in fact, I think it is a
good practice. The reason I say this is that I believe saving
passwords on your computer is generally a bad idea as it is a risky
practice. All computers connected to the Internet and not physically
secured from unauthorized access are vulnerable to attack.
Dragon
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
More information about the Mailman-Users
mailing list