• Home
  • History
  • Annotate
Name Date Size #Lines LOC

..15-Dec-2011-

.htaccessH A D15-Dec-201114 21

COPYINGH A D17-Oct-200814.9 KiB282237

INSTALLH A D17-Oct-20082.4 KiB7654

READMEH A D15-Dec-20114.6 KiB14998

index.phpH A D15-Dec-2011473 182

README

1Password Forget plugin for SquirrelMail
2============================================================
3Ver 2.3, 2011/12/15
4
5
6Copyright (c) 2003-2011 Paul Lesniewski <paul@squirrelmail.org>
7Copyright (c) 2000-2001 Tyler Akins
8
9
10
11Description
12===========
13
14Many web browsers provide the capability to store all usernames
15and passwords entered on any web site.  Especially on public-
16access computers, this could pose the risk of stolen user login
17credentials.
18
19This plugin provides a workaround for this vulnerability, wherein
20the name of the username and password input fields is changed
21randomly every time the SquirrelMail login page is displayed.
22The browser is also asked specifically not to cache these fields.
23
24Please note that in some cases, the browser may still remember
25user credentials (perhaps on some older or more obscure browsers),
26however the chances that a same-named username or password field
27would be displayed again on that computer are very small.
28
29The administrator may, if desired, specify a list of "known clients"
30for which this functionality will be disabled (for the case when
31some users should be allowed to harness this browser feature to
32their benefit when at their home computers).
33
34
35
36Donations
37=========
38
39If you or your company make regular use of this software,
40please consider supporting Open Source development by
41donating to the authors or inquire about hiring them to
42consult on other projects.  Donation/wish list links for
43the author(s) are as follows:
44
45Paul Lesniewski: https://squirrelmail.org/donate_paul_lesniewski.php
46
47
48
49License
50=======
51
52This plugin is released under the GNU General Public
53License (see the file COPYING for details).
54
55
56
57Requirements
58============
59
60  * SquirrelMail version 1.0.1
61
62
63
64Troubleshooting
65===============
66
67  * If changes to the configuration file don't seem to be having
68    any effect, ensure that there are not two Password Forget
69    configuration files, one in the password_forget directory and
70    one in the main SquirrelMail config directory (named
71    "config_password_forget.php").  The one in the main SquirrelMail
72    config directory will always override the one in the
73    password_forget directory.
74
75
76
77Help Requests
78=============
79
80Before looking for help elsewhere, please try to help yourself:
81
82  * Read the Troubleshooting section herein.
83
84  * Look to see if others have already asked about the same issue.
85    There are tips and links for the best places to do this in
86    the SquirrelMail mailing list posting guidelines:
87    http://squirrelmail.org/wiki/MailingListPostingGuidelines
88    You should also try Google or some other search engine.
89
90  * If you cannot find any information about your issue, please
91    first mail your help request to the squirrelmail-plugins
92    mailing list.  Information about it can be found here:
93    http://lists.sourceforge.net/mailman/listinfo/squirrelmail-plugins
94    You MUST read the mailing list posting guidelines (see above)
95    and include as much information about your issue (and your
96    system) as possible.  Including configtest output, any debug
97    output, the plugin configuration settings you've made and
98    anything else you can think of to make it easier to diagnose
99    your problem will get you the most useful responses.  Inquiries
100    that do not comply with the posting guidelines are liable to
101    be ignored.
102
103  * If you don't get any replies on the mailing list, you are
104    welcome to send a help request to the authors' personal
105    address(es), but please be patient with the mailing list.
106
107
108
109TODO
110====
111
112  * Ideas?
113
114
115
116Change Log
117==========
118
119  v2.3  2011/12/15  Paul Lesniewski <paul@squirrelmail.org>
120    * This plugin will now also attempt to "tell" the browser not
121      to cache usernames/passwords (by using the "autocomplete"
122      attribute on the input form tags)
123
124  v2.2  2008/10/29  Paul Lesniewski <paul@squirrelmail.org>
125    * Update to work with SquirrelMail 1.5.2+
126    * General cleanup and updates
127
128  v2.1  2004/09/12  Paul Lesniewski <paul@squirrelmail.org>
129    * Added ability to turn plugin off for certain known clients
130    * Updated for compatibility with plugin updates plugin/plugin specs
131
132  v2.0  2003/03/16  Paul Lesniewski <paul@squirrelmail.org>
133    * Updated for compatibility with SquirrelMail version 1.4
134    * New setup.php format for better overall SquirrelMail performance
135
136  v1.3  2003/02/05  Paul Lesniewski <paul@squirrelmail.org>
137    * Register_globals = Off compatible (and compatible with vlogin plugin)
138    * Compatible with "plugin updates" plugin
139
140  v1.2  2001/03/25  Tyler Akins
141    * Works with changes to login form
142
143  v1.1  2000/12/06  Tyler Akins
144    * Works now with the focus_change plugin
145
146  v1.0  2000  Tyler Akins
147    * Initial release
148
149