2010.10.21 16:07, Cor Bosman rašė:
Hmm, indeed – why do we have autocomplete=off in the login form? We're not making a banking application.
Speak for yourself, we happen to care about the privacy and security of our customers.
Think: internet cafe, a prime location for using webmail.
I don't think the prime location argument still applies. At least not universally.
On the other hand, I believe that Internet cafes should really care more about the privacy and security of their visitors. Password management features should be disabled, but often are not, in Internet cafes.
But there's a reason why browsers provide password management, it's called convenience. By telling the browser to disable that feature for one particular website, you're not only protecting those clients who check email in internet cafes, but also annoying those who do this at home, using their own Personal Computers. Plus, this doesn't educate the user at all.
This could at least be configurable by the administrator.
As an alternative, an unchecked-by-default checkbox could exist on the login page, which would use JS to remove the autocomplete=off attributes from the form elements when checked. This way, a user could at least opt in to use the save password feature explicitly.
Rimas _______________________________________________ List info: http://lists.roundcube.net/dev/ BT/aba52c80