concerning security

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

concerning security

Rajesh M-3
hi all,

we noted that browsers are storing webmail url, userid and password for the email accounts. for example in firefox browser this is easily seen under tools > options > security > saved passwords.

using ssl just encrypts the connection during transmission but the ssl url , email id and password gets stored in the browser

my question is how to how to tackle this issue so that even if a malware gets into some user's computer and gets the information it will be useless.

ie Obfuscate url, userid and password or ensure that that information stored in browser is incomplete and cannot be used.

thanks,
rajesh



------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: concerning security

Paul Lesniewski
On 3/18/15, Rajesh M <[hidden email]> wrote:

> hi all,
>
> we noted that browsers are storing webmail url, userid and password for the
> email accounts. for example in firefox browser this is easily seen under
> tools > options > security > saved passwords.
>
> using ssl just encrypts the connection during transmission but the ssl url ,
> email id and password gets stored in the browser
>
> my question is how to how to tackle this issue so that even if a malware
> gets into some user's computer and gets the information it will be useless.
>
> ie Obfuscate url, userid and password or ensure that that information stored
> in browser is incomplete and cannot be used.

This is mostly nothing to do with SquirrelMail, but you should look at
the Password Forget plugin.

--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php

------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: concerning security

Rajesh M-3
In reply to this post by Rajesh M-3
----- Original Message -----
From: Paul Lesniewski [mailto:[hidden email]]
To: [hidden email]
Sent: Wed, 18 Mar 2015 18:35:56 -0700
Subject: Re: [SM-USERS] concerning security

On 3/18/15, Rajesh M <[hidden email]> wrote:

> hi all,
>
> we noted that browsers are storing webmail url, userid and password for the
> email accounts. for example in firefox browser this is easily seen under
> tools > options > security > saved passwords.
>
> using ssl just encrypts the connection during transmission but the ssl url ,
> email id and password gets stored in the browser
>
> my question is how to how to tackle this issue so that even if a malware
> gets into some user's computer and gets the information it will be useless.
>
> ie Obfuscate url, userid and password or ensure that that information stored
> in browser is incomplete and cannot be used.
This is mostly nothing to do with SquirrelMail, but you should look at
the Password Forget plugin.

--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php

------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users


i understand that this has got nothing to do with squirrelmai functionality ... but what i am asking for will definitely increase the security of squirrelmail

password forget plugin does not work.

is there someway to obfuscate the  passwords stored in the browsers ? maybe concatenate some random numbers/strings with the existing password

rajesh



------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: concerning security

Juergen Nickelsen
On 19.03.2015 03:53, Rajesh M wrote:
> is there someway to obfuscate the  passwords stored in the browsers ? maybe concatenate some random numbers/strings with the existing password

While your concern is certainly valid, the password storage is purely a
browser-side function. The website in question is not involved in this
at all, SquirrelMail or else.

The only way to avoid this is probably by not using "password" type
input fields, which I don't think is a very good idea.

Regards, Juergen.

------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: concerning security

Paul Lesniewski
In reply to this post by Rajesh M-3
Learn how to properly quote the messages you are replying to and trim the fluff.

> i understand that this has got nothing to do with squirrelmai functionality
> ... but what i am asking for will definitely increase the security of
> squirrelmail
>
> password forget plugin does not work.

Prove it.  Did you even try the plugin?

If your browser doesn't support the autocomplete attribute, you need
to give more information.

--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php

------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Loading...