Ask a Question related to ASP.NET Security, Design and Development.
-
Peter Brown #1
Preventing saved passwords
I have developed a web site running on Win2k and IIS.
It uses Integrated Windows Authentication. When the user
selects
the URL for the site, they are prompted for their Network
Password. On this dialog is a checkbox 'Save this
password
to your password list'. If the user checks this, their
password
will be pre-entered the next time the page is opened.
My question is, How can I force the
users to have to enter their password even if they
have checked the 'Save Password' box?
Peter Brown Guest
-
Where are passwords saved?
I previously clicked "remember my password", but now I need the password dialog to come up. Where is the password saved? If I can find it and delete... -
Encrypting Passwords
When developing a login page, does setting the text box property to "password" encrypt the password? To ensure encryption should I use the php... -
passwords
would like to undo a saved password, how do I do this? Thanks in advance -
email account and other passwords not saved
I recently purchased a new computer with XP home as the OS. I connect to the Internet through a cable modem on my old computer through a router. ... -
Why are passwords in /etc?
This may be a silly question: Why is /etc/shadow in /etc? Generally, applications and static data go in /usr. You could mount /usr read-only... -
Keith #2 Preventing saved passwords
You do not have control over this unfortunately. In
fact, if the users are on your local network they could
easily configure IE to just pass through their
credentials without prompting. To address this security
concern you can do two things:
1. Educate users to not do it (best approach)
2. Programatically login to the domain using forms
authentication going against Active Directory. You might
not be using a domain to authenticate, but if you are
here's a good link to a VB.Net sample of using forms
authentication against Active Directory:
[url]http://support.microsoft.com/default.aspx?scid=kb;EN-[/url]
US;326340
Choice two is good because any browser can support NTLM
authenication. Only IE and Mozilla/Netscape support
NTLM. No support for Apple Safari or Konqueror on Linux.
Good luck.
user>-----Original Message-----
>I have developed a web site running on Win2k and IIS.
>It uses Integrated Windows Authentication. When the>selects
>the URL for the site, they are prompted for their Network
>Password. On this dialog is a checkbox 'Save this
>password
>to your password list'. If the user checks this, their
>password
>will be pre-entered the next time the page is opened.
>
>My question is, How can I force the
>users to have to enter their password even if they
>have checked the 'Save Password' box?
>.
>Keith Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
