Autocomplete security breach


  1. #1
    Philbert Guest

    Autocomplete security breach

    I am building an intranet site for a client company where I suspect there are employers who do not understand the ins and outs of web browsers and security (and don't really need to).

    IE5 and higher, however, offers to store passwords for the user.
    If any of the unskilled users accept this, then we have a problem. Especially since the usernames are the low security registration numbers of the users, they appear on the employers' paycheck.

    Any idea how I can counter this?
    Thanks,
    Philbert

  2. #2
    Join Date
    Dec 1969

    random INPUT names

    When building the login page, assign a random name to the password and username fields.

    Then, include hidden fields named "password" and "username", each with the respective random value you used to name the displayed fields.

    On your processing page, to get the UserName:
        Request.Form(Request.Form("username"))
    To get the PassWord:
        Request.Form(Request.Form("password"))

    IE remembers entries based on the names of the fields. Randomly named fields will overcome this issue.

  3. #3
    Join Date
    Dec 1969

    even easier

    this question has been on my mind for a while, and i had come up with the random names solution before.

    but, give this a shot. i just went to a site on which some fields have autocomplete disabled.

    with view source, all i can see that they did is set the value="" in the input. might do the trick as well, though there is a possibility they are doing something else somewhere in their client script.
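
The random-field-name scheme from reply #2, as an added example that is not part of the thread: it is written in Python rather than the thread's ASP, and `render_login_form`, `read_credentials`, the `/login` action and the sample credentials are constructed for illustration. The `autocomplete="off"` attribute it also emits is the one IE5 introduced for forms and inputs; the posters do not mention it.

```python
import html
import secrets
from urllib.parse import parse_qs, urlencode


def render_login_form(action="/login"):
    """Return (html, names): a login form whose visible inputs get fresh random names."""
    # New names on every page load, so the browser has no stable field name to key saved entries on.
    names = {"username": "f" + secrets.token_hex(8),
             "password": "f" + secrets.token_hex(8)}
    form = (
        # autocomplete="off" is an addition here, not something the thread uses.
        f'<form method="post" action="{html.escape(action, quote=True)}" autocomplete="off">\n'
        f'  <input type="hidden" name="username" value="{names["username"]}">\n'
        f'  <input type="hidden" name="password" value="{names["password"]}">\n'
        f'  <input type="text" name="{names["username"]}">\n'
        f'  <input type="password" name="{names["password"]}">\n'
        f'  <input type="submit" value="Log in">\n'
        f'</form>'
    )
    return form, names


def read_credentials(body):
    """Resolve the indirection, like Request.Form(Request.Form("username")) in reply #2."""
    fields = parse_qs(body, keep_blank_values=True)

    def resolve(pointer):
        target = fields.get(pointer, [""])[0]
        # Reject a pointer that is missing, empty, or that names one of the pointer fields.
        if not target or target in ("username", "password"):
            return None
        values = fields.get(target)
        return values[0] if values else None

    user, pwd = resolve("username"), resolve("password")
    if user is None or pwd is None:
        return None  # malformed post: treat as a failed login
    return user, pwd


def demo():
    """Build a constructed POST body for a freshly rendered form and parse it back."""
    _, names = render_login_form()
    body = urlencode({"username": names["username"], "password": names["password"],
                      names["username"]: "100234", names["password"]: "s3cret pass"})
    return read_credentials(body)


if __name__ == "__main__":
    print(render_login_form()[0])
    print(demo())
```
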
