[SM-USERS] concerning security
hi all, we noted that browsers are storing webmail url, userid and password for the email accounts. for example in firefox browser this is easily seen under tools > options > security > saved passwords. using ssl just encrypts the connection during transmission but the ssl url , email id and password gets stored in the browser my question is how to how to tackle this issue so that even if a malware gets into some user's computer and gets the information it will be useless. ie Obfuscate url, userid and password or ensure that that information stored in browser is incomplete and cannot be used. thanks, rajesh -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@lists.sourceforge.net List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Re: [SM-USERS] concerning security
On 3/18/15, Rajesh M <24x7ser...@24x7server.net> wrote: > hi all, > > we noted that browsers are storing webmail url, userid and password for the > email accounts. for example in firefox browser this is easily seen under > tools > options > security > saved passwords. > > using ssl just encrypts the connection during transmission but the ssl url , > email id and password gets stored in the browser > > my question is how to how to tackle this issue so that even if a malware > gets into some user's computer and gets the information it will be useless. > > ie Obfuscate url, userid and password or ensure that that information stored > in browser is incomplete and cannot be used. This is mostly nothing to do with SquirrelMail, but you should look at the Password Forget plugin. -- Paul Lesniewski SquirrelMail Team Please support Open Source Software by donating to SquirrelMail! http://squirrelmail.org/donate_paul_lesniewski.php -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ - squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@lists.sourceforge.net List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Re: [SM-USERS] concerning security
- Original Message - From: Paul Lesniewski [mailto:p...@squirrelmail.org] To: squirrelmail-users@lists.sourceforge.net Sent: Wed, 18 Mar 2015 18:35:56 -0700 Subject: Re: [SM-USERS] concerning security On 3/18/15, Rajesh M <24x7ser...@24x7server.net> wrote: > hi all, > > we noted that browsers are storing webmail url, userid and password for the > email accounts. for example in firefox browser this is easily seen under > tools > options > security > saved passwords. > > using ssl just encrypts the connection during transmission but the ssl url , > email id and password gets stored in the browser > > my question is how to how to tackle this issue so that even if a malware > gets into some user's computer and gets the information it will be useless. > > ie Obfuscate url, userid and password or ensure that that information stored > in browser is incomplete and cannot be used. This is mostly nothing to do with SquirrelMail, but you should look at the Password Forget plugin. -- Paul Lesniewski SquirrelMail Team Please support Open Source Software by donating to SquirrelMail! http://squirrelmail.org/donate_paul_lesniewski.php -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ - squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@lists.sourceforge.net List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users i understand that this has got nothing to do with squirrelmai functionality ... but what i am asking for will definitely increase the security of squirrelmail password forget plugin does not work. is there someway to obfuscate the passwords stored in the browsers ? maybe concatenate some random numbers/strings with the existing password rajesh -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@lists.sourceforge.net List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
